GDPR intranet compliance checklist

With GDPR in force since the 25th May 2018, it’s important to understand how to make sure that you are compliant.

We have compiled a useful checklist, tailored to intranet managers.

GDPR checklist for intranet managers:

Can I delete a user?
Am I able to completely delete a user and all traces of their data
Can I re-assign content?
If I need to, can I re-assign content?
If someone leaves an organisation and requests that their data be deleted, do I know how to do this?
If I can’t re-assign the content then can I delete it?
Am I able to delete content and all traces of its data?
Can I anonymise/pseudonomise the data?
If I need to keep the data for a legitimate business reason but I do not need their personally identifiable information then can I anonymise/pseudonymise it?
Do you have the ability to pull out all users that have previously been anonymised?
Can I download data from the intranet?
Can I easily locate and extract data?
If someone requests to know what data is held on them, can I easily access this information? If I need to extract this data, is this easily doable and am I allowed to do so?
Has the data been obtained and processed fairly and lawfully?
Has the data subject’s permission been sought prior to their data being processed?
Do I know my organisation’s…
Data retention policy?
Privacy notice/policy?
Data protection policy?
Right to erasure policy?
Is my data up to date?
Have all of the people my company holds data on been notified about GDPR and been given the choice to have their data deleted?
Is the data adequately protected?
Is the data we hold adequately protected from security breaches?
Is the data protected from being viewed by people who do not have permission to do so?
Is there a clear process for if a data breach occurs?
Do we have a clear process/policy on what steps/action to take if a data breach occurs?
Has the data subject consented to the processing?
Do I have the data subject’s consent to process their information?
Do you have the ability to pull out and remove any personal data within your data analytics?
Do I fully understand what data my analytics program holds on a data subject?
If I delete a user, does their name still appear in content/pages revisions?
If so, can I stop this from happening?
If I delete a user, does their name still appear within dashboards?
If so, can I stop this from happening?
If I delete a user, what happens to their @mentions?
Will @mentions or text mentions still show the data subject’s name, if so, can I stop this from happening?
Is it possible to obtain all data that mentions your users or their personal information?

We hope that you have found this checklist useful.

Invotra provides the toolset to help organisations achieve digital transformation by offering an intranet that will give you both control and flexibility, in a highly secure, scalable and accessible way.

Feel free to contact us today for a free demo.