Blog: Getting SharePoint Ready for the General Data Protection Regulation (GDPR)

August 15, 2017 DocAuto Blogger


If your company is not currently in the European Union (EU), it’s quite likely that you don’t even know about the GDPR. In short, the goal of the GDPR is to ensure consistent protection of the privacy of personal data. It’s quite an extensive regulation, covering security controls, audits, impact assessments, breach notifications, and more. Now, you may think you can breathe a sigh of relief because your company isn’t in the EU, but the GDPR applies to any business inside and outside the EU that collects personal data of EU citizens.

This regulation takes effect on May 25, 2018, and protects all kinds of data you may be storing in your SharePoint environment, including: names, addresses, phone numbers, birth dates, email addresses, banking details, credit card details, and more. 

So, how does this impact you and your SharePoint environment?

Let me give you just one “right” within the GDPR to show how closely you need to track any personally identifiable information (PII). The right to erasure (also known as the “right to be forgotten”) allows an EU citizen to request that you delete all data on them (with the exception of when personal data is still necessary in relation to the purpose for which it was originally collected/processed). When such a request is made, you are required to find every instance and remove it.

This includes every library, document, contact list, etc. that has an individual’s PII in it. 

  1. Understand the regulation – It’s no quick read, and there are quite a number of pertinent “rules” in the GDPR that apply to SharePoint. Here’s a brief overview that gives you a high-level view of the principles, rules, and necessary controls.
  2. Rethink staffing, policy, and controls – depending on the size of your organization, you may very well need a Data Protection Officer and need to put new controls in place around where PII can be stored (see the next step for more on that), who can access it, and how to demonstrate that your organization is compliant.
  3. Discover where PII is located within your SharePoint environment – SharePoint may have existed in your organization for well over a dozen years. It’s crucial to understand where PII resides, based on the protected data types in the GDPR. This may require third-party solutions that can inventory your environment and identify where PII resides.
  4. Lock down permissions within SharePoint – because the GDPR is all about the privacy of an individual’s information, even the “processing” of PII data needs to be documented along with any “recipient” of the data (which, in essence, includes anyone that can access and view the data). So, implementing a state of least privilege around PII on SharePoint will help simplify creating and maintaining a compliant environment.

Getting Started with GDPR Compliance Now

There’s so much more to GDPR than can be covered in a single article. The important thing is to get started now by understanding the regulation and combing through your SharePoint environment to see how your organization will be impacted. Enterprises will see that even the simple process of discovery is a daunting task. That’s where DocAuto’s SPorganizer™ solution comes in. SPorganizer provides the unlimited flexibility to help you with the discovering, managing, protecting, and reporting necessary to make sure your SharePoint environment is GDPR compliant.

Interested in learning more? Schedule a demo of SPorganizer today!

SPorganizer is a trademark of DocAuto, Inc. SharePoint is a registered trademark of Microsoft

