Microsofts Data Privacy & Residency (OST, DPA, ...)

Microsoft made the world easier for all stuff around data privacy. As world leader in software the question is always about data privacy, where your data is and how MS is handling this.

Also Microsoft does not make any difference if someone is falling under GDPR or not as this was originally designed to protect personal data from European citizens. Microsoft is treating this as it applies to everybody on the planet (not just Europeans!)

Also for us consultants this topic become easier as Microsoft had bundled the information's in these 3 main and up to date sources (documents).

The always state of the art and updated "Online Service Terms" (OST)
This is the "bible" for everything around the online services from Microsoft.
(2nd section on this page. You get also localized versions of the OSTs)

Then the Online Services Data Protection Addendum (DPA) 
These terms commit Microsoft to the requirements of processors in GDPR Article 28 and other relevant articles of the GDPR. You get also localized versions of the DPA.

Data Residency (to see where your data is)
This is also one of the rare conditions where the german site is better than the US one.
In German for M365:

In English:

The general site:
(you may need to expand the section "Cloud service data residency and transfer policy")

And the Workers Council Mega Guidance
(sorry at the moment in German only. English version is in preparation!)