The General Data Protection Regulatory (GDPR) will take effect in May, defining a new standard for how personal data is handled in connection with professional and commercial activities. The aim is to ensure more transparency about personal data storage and to provide individual citizens more control over what information is kept about them and utilized.
In this post, we will outline what you need to know about your Wizdom solution in relation to GDPR. We will describe the user data, that is stored in the Wizdom solution, and introduce to the coming updates to our product that enable Wizdom data GDPR compliance.
What Data is Stored in your Wizdom solution?
The majority of data in your intranet solution is stored in SharePoint. However, for the proper functioning of Wizdom’s modules and web parts, some information is also stored in the Wizdom solution. The information stored about users in Wizdom is exclusively relevant data that is necessary for the operation of an intranet solution.
All data stored in Wizom is stored in the Wizdom database of the client’s Wizdom solution. Below, we will walk you through the user data that is stored here.
1) User Properties
Wizdom will store the following properties of users’ from (Azure) Active Directory:
- full name,
- account name,
- and membership of AD groups.
The user properties are stored in one central table in the Wizdom database of the customer’s Wizdom solution. Storing these properties from Active Directory in the Wizdom solution allows the Wizdom product to deliver the needed performance in regard to speed of page load.
2) Data for Analytics
Wizdom will log how users in an organization use the intranet to provide statistics of the solution to intranet admins. The logged data includes page loads with reference to user, page, and time. You can disable analytics in your solution which will stop the logging of users’ intranet usage.
3) Activities Related to Intranet Content
Sometimes, Wizdom will log a reference to the user. This is e.g. the case when the user likes and comments content, answers polls, is contact person for content, editor of content, or creates messages in the solution. This enables Wizdom’s notifications mechanism, content governance mechanism, and the proper functioning of a selection of Wizdom’s modules.
4) Content Created by Users
The majority of content created on your intranet is stored in SharePoint. However, some content that users create will be held in Wizdom. This includes editorial content e.g. in messages, comments, and FAQ’s.
If users enter personal data as content in the solution it will be the customers own responsibility. However, of course upon the customer’s request and agreement, selected people in Wizdom Consulting can be given access to write ad hoc database queries to locate possible sensitive editorial content created by users in Wizdom and/or SharePoint.
Product Updates to Meet the Principle of the Right to Be Forgotten
To meet the principle of the right to be forgotten, we will release a version of Wizdom with the following additions no later than mid-May 2018:
A function where a user can be selected to be ‘forgotten’ will be introduced. This function will anonymize the user’s full name and email where these data appear in the database of the customer’s Wizdom solution. Meaning that for all GDPR purposes that person’s information is no longer stored, and any content, the user has provided, will have ‘unknown’ as author.
Wizdom’s analytics mechanism will be changed so that instead of collecting full name and login (to enable reports about unique user visits), an internal ID of the user will be stored. When a user is ‘forgotten’, that ID, then, can no longer be traced back to that person’s information.
Recommendations to our Customers’ GDPR Policies Concerning Their Wizdom Solution
As described, solely data that is necessary for the proper functioning of an intranet solution is automatically stored in the customer’s Wizdom solution.
To comply with the new standards for handling personal data, we can, therefore, be content with recommending the following three practices in relation to our clients’ Wizdom solutions:
1) When an employee is part of the organization, we recommend our clients to store the user properties of that employee in the Wizdom solution.
2) After employees leave the organization, we recommend that they will either be automatically forgotten in the Wizdom solution, or that a function is set up so that employees can easily request to be forgotten.
3) We recommend our clients to carefully remind their employees to take responsibility and be mindful of privacy regulations. This includes recommending employees to not store unnecessary personal information as editorial content.
The original article was published here