With GDPR in force since the 25th May 2018, it’s important to understand how to make sure that you are compliant.
We have compiled a useful checklist, tailored to intranet managers.
GDPR checklist for intranet managers:
- Can I delete a user?
- Am I able to completely delete a user and all traces of their data
- Can I re-assign content?
- If I need to, can I re-assign content?
- If someone leaves an organisation and requests that their data be deleted, do I know how to do this?
- If I can’t re-assign the content then can I delete it?
- Am I able to delete content and all traces of its data?
- Can I anonymise/pseudonomise the data?
- If I need to keep the data for a legitimate business reason but I do not need their personally identifiable information then can I anonymise/pseudonymise it?
- Do you have the ability to pull out all users that have previously been anonymised?
- Can I download data from the intranet?
- Can I easily locate and extract data?
- If someone requests to know what data is held on them, can I easily access this information? If I need to extract this data, is this easily doable and am I allowed to do so?
- Has the data been obtained and processed fairly and lawfully?
- Has the data subject’s permission been sought prior to their data being processed?
- Do I know my organisation’s…
- Data retention policy?
- Privacy notice/policy?
- Data protection policy?
- Right to erasure policy?
- Is my data up to date?
- Have all of the people my company holds data on been notified about GDPR and been given the choice to have their data deleted?
- Is the data adequately protected?
- Is the data we hold adequately protected from security breaches?
- Is the data protected from being viewed by people who do not have permission to do so?
- Is there a clear process for if a data breach occurs?
- Do we have a clear process/policy on what steps/action to take if a data breach occurs?
- Has the data subject consented to the processing?
- Do I have the data subject’s consent to process their information?
- Do you have the ability to pull out and remove any personal data within your data analytics?
- Do I fully understand what data my analytics program holds on a data subject?
- If I delete a user, does their name still appear in content/pages revisions?
- If so, can I stop this from happening?
- If I delete a user, does their name still appear within dashboards?
- If so, can I stop this from happening?
- If I delete a user, what happens to their @mentions?
- Will @mentions or text mentions still show the data subject’s name, if so, can I stop this from happening?
- Is it possible to obtain all data that mentions your users or their personal information?
We hope that you have found this checklist useful.
Download a copy of our checklist
Invotra provides the toolset to help organisations achieve digital transformation by offering an intranet that will give you both control and flexibility, in a highly secure, scalable and accessible way.
Feel free to contact us today for a free demo.