GDPR intranet compliance checklist

With GDPR in force since 25 May 2018, it's important to understand how to make sure that you are compliant.

We have compiled a useful checklist, tailored to intranet managers.

GDPR checklist for intranet managers:

  • Can I delete a user?
  • Am I able to completely delete a user and all traces of their data?
  • Can I re-assign content?
  • If I need to, can I re-assign content? 
  • If someone leaves an organisation and requests that their data be deleted, do I know how to do this?
  • If I can’t re-assign the content then can I delete it?
  • Am I able to delete content and all traces of its data?
  • Can I anonymise/pseudonymise the data?
  • If I need to keep the data for a legitimate business reason but I do not need their personally identifiable information then can I anonymise/pseudonymise it?
  • Do you have the ability to pull out all users that have previously been anonymised?
  • Can I download data from the intranet?
  • Can I easily locate and extract data?
  • If someone requests to know what data is held on them, can I easily access this information? If I need to extract this data, is this easily doable and am I allowed to do so?
  • Has the data been obtained and processed fairly and lawfully?
  • Has the data subject’s permission been sought prior to their data being processed?
  • Do I know my organisation’s…
  • Data retention policy?
  • Privacy notice/policy?
  • Data protection policy?
  • Right to erasure policy?
  • Is my data up to date?
  • Have all of the people my company holds data on been notified about GDPR and been given the choice to have their data deleted?
  • Is the data adequately protected?
  • Is the data we hold adequately protected from security breaches?
  • Is the data protected from being viewed by people who do not have permission to do so?
  • Is there a clear process for when a data breach occurs?
  • Do we have a clear process/policy on what steps/action to take if a data breach occurs?
  • Has the data subject consented to the processing?
  • Do I have the data subject’s consent to process their information?
  • Do you have the ability to pull out and remove any personal data within your data analytics?
  • Do I fully understand what data my analytics program holds on a data subject?
  • If I delete a user, does their name still appear in content/page revisions?
  • If so, can I stop this from happening?
  • If I delete a user, does their name still appear within dashboards?
  • If so, can I stop this from happening?
  • If I delete a user, what happens to their @mentions?
  • Will @mentions or text mentions still show the data subject's name? If so, can I stop this from happening?
  • Is it possible to obtain all data that mentions your users or their personal information?

We hope that you have found this checklist useful. 
