When an encrypted message is sent by a third-party O365 tenant (outside your organization) for which the DLP Cloud Service does not hold a decryption key, and an employee reads that message and replies to it, the reply will not be decrypted or blocked by DLP, even though it is outbound from your O365 tenant.
This is a known limitation at present: because the DLP integration with O365 does NOT have an encryption key for the third-party tenant, it cannot decrypt the message content and therefore cannot inspect the message for sensitive content.
We are currently exploring possible solutions to address this technical limitation, including blocking content that cannot be decrypted; however, we do not have an ETA for this functionality, and there is no workaround available at this time.