ProTip: Create PII Retention Policies in O365 to Help Abide with GDPR Guidelines

ProTip: Create PII Retention Policies in O365 to Help Abide with GDPR Guidelines

Automate the Process of Disposing of Data

With GDPR now in effect, organizations are legally required to remove personal data once its purpose for processing has been met. In March of 2019 a Danish Taxi company, Taxa 4×35, was fined $180,000 for failing to properly dispose of its customer’s personally identifiable data (PII). An audit found that the company was only removing the customer’s name from the documents, however other personally identifiable information such as telephone numbers and address’ remained.

This is easily avoidable with a proper DLP label retention policy for your PII which can help automate the process of disposing the data once your organization no longer has a use for it.

From the Admin Center in O365, navigate to the O365 Security and Compliance Center and create a label which we will add a retention policy to. For information on how to create a label, check out this blog post

Underneath the Classifications tab Select ‘Label Policies’ and click on the Retention tab. From this wizard in the advanced retention section, you can create and publish label policies which will automatically flag content for review and deletion after a set amount of time.

GDPR - 0365 Security - Data Disposal Automation, GDPR, 0365 automation to create data security

For more info on creating DLP policies in O365 check out some of our other blog posts in the O365 series here.

You can learn more about how your company can achieve compliance with GDPR and other data security regulations on our website.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Start a Free StealthAUDIT® Trial!

No risk. No obligation.