Is your SharePoint implementation GDPR compliant?

11th July 2017

The EU’s General Data Protection Regulation (GDPR) comes into effect on 25th May 2018. Even though the UK is leaving the EU in Mar 2019 the GDPR will still apply to any organisation that holds information on EU citizens, regardless of where they are based. Furthermore, it is highly likely the UK will adopt some, if not all of the GDPR principles. So, it is important to ensure you are compliant with the new requirements.

How will the GDPR impact my organisation?

If you are unfamiliar with the requirements of the GDPR, it covers how you:

  1. Identify and secure personal data stored within your IT systems
  2. Accommodate new data transparency requirements
  3. Detect and report personal data breaches
  4. Train privacy personnel and employees

For many organisations, the first of these requirements is likely to cause problems. This is because you will, in all likelihood, have been collecting personal staff, customer and prospect information for many years. Personal data tends to be held in diverse formats and widely disseminated throughout IT systems. Consequently, information sprawl is highly likely and you will need to find and secure all such personal data to ensure you remain GDPR compliant.

SharePoint and eDiscovery

As one of the leading document management and storage solutions SharePoint is used by many organisations to hold important personal data from company HR information to CRM details. This information comes under the remit of the GDPR and needs to be located, managed and secured.

Fortunately, there is functionality within SharePoint that enables this. Its eDiscovery capabilities can be used to find, preserve and manage your data and ensure you remain compliant. This includes:

  • The eDiscovery Center – a central SharePoint site which is used to manage preservation, search and the export of content stored across your SharePoint farms
  • SharePoint In-Place Hold – preserves entire SharePoint sites, protecting all documents, pages and list items within the site but allows users to continue to edit and delete preserved content
  • Query-based preservation – allows users to apply query filters to one or more SharePoint sites and restrict the content that is held

SharePoint preserves content at the site level. When you preserve a site, its lists, libraries and sub sites are all preserved.

Introduce a data governance framework

Whilst eDiscovery is important, on its own it will not ensure you remain GDPR compliant. Introducing data governance is vital as this will mean you will have the framework, processes and tools in place to enable you to manage and secure your data.

It will then be easier to prove you are meeting your obligations for identifying and securing data as well as being able to cope quickly and inexpensively with any request for information on the personal data you hold.

Fines of up to 4% of global turnover or €20M can be imposed for non-compliance, so it is worth investing a small amount of money now to prevent a catastrophic fine later on.

igroup have extensive experience and in-depth expertise with SharePoint, enabling you to meet your GDPR obligations.

Enquire now to find out more about the GDPR or how SharePoint eDiscovery can help you to meet your GDPR obligations

Call now on 0207 099 0632 to speak to a member of our team

Call Us Now