Re: What about Office Suites?
If it's used only by your organisation to process non personal data then it's OK.
If you use it to process and transfer personal data of clients or third parties that have not signed an informed consent then your DPO is doing it wrong.
Please note that the "informed" part of the informed consent is also important. Your DPO cannot assume that the user and the data subjects may be fully aware of the implications of what they are signing.
If you ask "Is it OK for you to use Microsoft Teams?", that's not informed consent.
The data subjects, that includes also any other identifiable person you may mention in your conversations even if they are not employees, haven't been informed that by allowing their data to be processed in clear by Microsoft their are OK to waive their fundamental right to privacy. Today they may say OK for a badly performing chat platform, tomorrow they may be asked to do the same for other platforms.
While each one of us could make an informed decision in regards to the information we want to share on LinkedIn, Facebook, Twitter, The Register, etc. and evaluate carefully what we want to say, we may not realise how much more we give away during an informal chat on Teams while we are using it and when we think we are not.