Mid-market IT teams are caught between rising GDPR fines and demands for AI email tools. Here is a practical framework for selecting zero-retention Outlook add-ins that improve team communication without creating hidden data liabilities under the 2025 Digital Omnibus proposal.
Key takeaways
- The 2025 Digital Omnibus proposal rewards M365 architectures that strictly minimize data flows.
- Add-ins retaining transient logs become data processors, triggering complex GDPR compliance obligations.
- Zero-retention tools process emails ephemerally in RAM and discard them immediately after rewriting.
- Standardizing on zero-retention add-ins reduces RoPA entries and lowers cyber insurance premiums.
Regulatory Shifts
How the 2025 Digital Omnibus Proposal Impacts M365 Teams
The European Commission's November 2025 Digital Omnibus proposal changes how mid-market organizations must handle data processors, rewarding architectures that minimize data flows. The proposal aims to ease compliance burdens by clarifying personal data definitions and extending breach notification windows, but it arrives amid sustained enforcement pressure. European supervisory authorities issued approximately €1.2 billion in GDPR fines in 2025 alone, pushing the cumulative total past €7.1 billion since 2018, according to Kiteworks.
Mid-market teams feel this acutely. Recent data shows 77% of organizations operate in hybrid IT environments, yet many lack unified visibility into sensitive data across M365 and third-party SaaS tools. Compliance costs for US and global organizations handling EU data routinely run from $1 million to over $10 million annually. Smaller teams are disproportionately burdened by record-keeping, Data Protection Impact Assessments (DPIAs), and processor oversight.
For Outlook-heavy functions like customer service, sales, and internal coordination, the risk concentrates in add-ins that touch email content. If your M365 environment relies on third-party communication tools, the regulatory expectation is that you maintain absolute control over where that message data travels and how long it lives.
Hidden Risks
Why Do Outlook Add-Ins Create Persistent Compliance Blind Spots?
Add-ins that retain transient logs or use messages for model training automatically become data processors, triggering complex compliance obligations. Microsoft's own guidance on Office Add-ins privacy stresses that developers must limit personally identifiable information (PII) use and avoid storing sensitive data, yet real-world incidents reveal massive gaps.
A January 2026 analysis by Varonis detailed how Outlook add-ins can exfiltrate sensitive email data without leaving forensic traces in Unified Audit Logs, creating detection blind spots that persist for months. But there's a catch: in practice, many AI-powered email tools request broad Graph permissions (like Mail.ReadWrite.All) to function across folders. Once granted at the tenant level, these permissions allow the vendor to access far more than the single message being rewritten.
In our experience auditing dozens of M365 tenants, we've seen this firsthand: a sales team adopts a tone-adjustment add-in for faster follow-ups. The security review is cursory because "it only rewrites drafts." Six months later, an audit reveals the vendor's privacy policy allows 30-day log retention for quality control. An add-in that retains even transient logs becomes a data processor, triggering Data Processing Agreements and expanded breach surface area. The resulting scramble to issue Data Subject Access Request (DSAR) responses, update Records of Processing Activities (RoPA), and negotiate a DPA consumes weeks of administrative time.
While tools like Grammarly or Wordtune offer writing assistance, any platform that retains user data for model training or debugging introduces third-party processor liability that mid-market IT teams must actively manage.
The Standard
What Is True Zero-Retention Architecture for Email Tools?
Zero retention means the add-in processes email content entirely in memory and discards it immediately after generating the output. There is no storage on vendor servers, no logs containing message text (seriously), no use for training large language models, and no persistent records after the request completes.
Sound familiar? You ask a vendor how they handle data, and they send back a 40-page security whitepaper about AES-256 encryption. That's the wrong answer to the right question. Encryption is not deletion. If the data exists on a vendor's server, it is subject to subpoena, vulnerable to breach, and requires a RoPA entry.
Here's why that matters: true zero retention fundamentally changes your compliance posture. Zero retention eliminates the need for a full DPA because the vendor does not process personal data in the controller-processor sense once the message is discarded. RoPA entries become minimal or entirely unnecessary for that specific tool. DPIAs are vastly simplified because the breach impact radius is limited strictly to the local, active session.
In M365 environments, true zero-retention tools integrate via the Outlook web add-in model or native desktop extensions while respecting Microsoft Purview data loss prevention (DLP) rules. By processing ephemerally, the tool improves communication without exposing the original content beyond the user's tenant, perfectly aligning with the GDPR principle of data minimization.
Vendor Evaluation
A Practitioner's Framework for Auditing Zero-Retention Claims
Selecting the right add-in requires moving past marketing claims of "privacy-focused" design. You need a repeatable framework to verify that a tool actually discards data. Use this checklist when evaluating any new communication add-in for your M365 tenant.
Demand a Data Flow Diagram:
Require the vendor to map exactly what happens to message content. Acceptable flows stay within ephemeral environments, process in RAM, return the rewritten text, and confirm deletion. Reject any diagram showing temporary storage, quality review queues, or feedback loops that retain samples.
Verify Permission Scope:
Check the manifest for delegated permissions limited to the current item (MailboxItem.Read) rather than tenant-wide access (Mailbox.ReadWrite.All). Test in a sandbox tenant to confirm it functions without global admin consent.
Review Compliance Artifacts:
Look for SOC 2 Type II reports that explicitly test data deletion controls. Ask for independent penetration test results focused on exfiltration paths and a privacy policy stating zero training on customer emails.
Test Real-World Workloads:
Simulate high-volume scenarios, such as cross-border contract negotiations containing special-category data. Inspect browser developer tools or M365 audit logs for any unexpected outbound calls or stored state. Measure latency, if an add-in takes 10 seconds to rewrite an email, users will abandon it and revert to shadow IT.
Establish Ongoing Governance:
Add the approved add-in to your Microsoft Purview inventory. Schedule quarterly permission reviews and require vendors to notify you of any architecture changes before they are pushed to production.
Teams that follow this framework reduce evaluation time from weeks to days and avoid the costly pattern of adopting, auditing, and eventually ripping out non-compliant tools.
Real-World Application
How to Balance Strict GDPR Compliance with Email Productivity
Deploying a zero-retention tool allows customer-facing teams to adjust their tone without exposing sensitive threads to external processors. Consider a 320-employee manufacturing firm with significant EU customer contracts. Their customer service team previously spent nearly a third of their week softening complaint responses to maintain relationships while meeting regulatory tone requirements.
After deploying a zero-retention add-in, they rewrote responses for clarity and empathy directly inside Outlook. Because the original messages never left the tenant permanently, the IT team avoided adding another DPA to their roster of active agreements.
Sales teams show similar patterns. A mid-market SaaS provider handling GDPR-sensitive pilot negotiations used a zero-retention tool to adjust overly aggressive follow-ups after periods of silence. The ability to adjust formality across cultures produces natural output without exposing the original content beyond the user's tenant.
If your email sounds blunt, the recipient will spend the rest of the day thinking about the perceived slight instead of doing the work. For non-native English speakers across global teams, the ability to request a more professional tone for a German regulator audience, or to increase empathy while keeping directness, is invaluable. When users paste sensitive company data into public AI chatbots, they bypass all M365 DLP controls. A zero-retention add-in keeps that workflow securely inside Outlook.
Procurement Traps
Common Pitfalls in M365 Add-In Procurement
Look, here's the thing: the most frequent mistake IT admins make is equating "no training on your data" with true zero retention. A vendor can promise not to use your emails to train their language models while still logging the text for debugging or abuse prevention.
Some tools still log metadata or retain hashed versions for abuse prevention, which still triggers GDPR processor obligations. Another major pitfall is legacy COM add-ins migrating to the new Outlook web framework in 2026 without updated privacy controls. Microsoft has heavily emphasized the shift to web-based add-ins, deprecating legacy COM architectures. But as vendors rush to rewrite their tools for the new framework, many are taking shortcuts with data handling. They spin up cloud databases to handle processing that used to happen locally on the desktop. If you aren't auditing these architectural changes, you might accidentally approve a massive new data processor.
Finally, do not assume the 2025 Digital Omnibus simplifications will automatically grandfather in poor architectures. The proposal rewards responsible innovation. Tools that already practice strict data minimization will require the least adaptation when the final amendments take effect. Relying on vague regulatory relief to cover up a leaky data architecture is a dangerous gamble for any mid-market organization.
Tracking Success
How Do You Measure Compliance and Efficiency Outcomes?
Success means tracking a reduction in new RoPA entries alongside a measurable decrease in time spent drafting emails. Once you deploy a zero-retention add-in, you need concrete metrics to prove the value to both the security committee and the business units.
Track these key performance indicators (KPIs) after deployment:
Compliance Posture:
Reduction in new DPIAs related to communication tools and the number of high-risk Graph permissions revoked.
Efficiency Gains:
Time spent on email drafting (typically a 15–40% reduction in knowledge-worker teams).
Audit Cleanliness:
Zero audit findings related to unauthorized third-party data processors.
Mid-market organizations that standardize on zero-retention add-ins report faster vendor onboarding during sales cycles because customers ask fewer security questionnaires when data isn't retained. When you can prove to an underwriter that your communication tools retain zero data, your cyber insurance risk profile drops significantly.
This is exactly why Professionally was built. As an Outlook-native tool used daily by teams at over 100 companies, Professionally processes emails ephemerally and immediately discards them. It supports tone, clarity, and grammar rewriting without retention, allowing IT admins to audit GDPR compliance confidently while giving teams the writing support they need.
Future-Proofing
Preparing Your M365 Tenant for the Post-Omnibus Landscape
The Digital Omnibus signals a regulatory shift toward proportionality, meaning tools that practice strict data minimization will require the least adaptation. Mid-market M365 IT admins who prioritize zero-retention architectures now will spend less time on administrative paperwork and more time on strategic security initiatives as the rules evolve.
Zero retention is no longer a nice-to-have privacy feature; it is the baseline standard for any add-in touching sensitive correspondence. By embedding this evaluation framework into your procurement policy, you ensure your team can standardize email tone and improve clarity without ever compromising your regulatory posture.
The tools you choose must enhance communication without creating hidden data liabilities. Start auditing your current Outlook add-ins today, and replace anything that can't prove ephemeral processing.
FAQ
Zero retention means the add-in processes the email message in memory only, generates the rewritten version, returns it to the user, and discards the original content immediately. There is no vendor-side storage, logging of message text, or use for model training, which minimizes GDPR processor obligations.
The proposal, published in November 2025, simplifies certain GDPR requirements, including extending breach notification to 96 hours and clarifying personal data scope for processors. IT admins should favor add-ins with data minimization architectures so they benefit from these changes when amendments are adopted.
Regulators issued €1.2 billion in fines in 2025, bringing the cumulative total above €7.1 billion. Enforcement increasingly targets processors for failures such as retaining data after contracts end or processing outside controller instructions. Zero-retention designs remove these liabilities entirely.
Review Graph permission scopes, request data flow diagrams confirming ephemeral processing, and examine SOC 2 reports for deletion controls. Any add-in requesting broad mailbox access or admitting to temporary storage should be prioritized for replacement with zero-retention alternatives.
Professionally is an Outlook-native tool that rewrites emails for tone, clarity, and grammar using a strict zero-retention architecture. It processes content ephemerally and discards it immediately without storage, logs, or training use, allowing IT admins to deploy productivity features without expanding their GDPR processor obligations.
Write better emails in seconds
Professionally rewrites your emails instantly, adjusting tone, clarity, and length for any situation.
Try it free