Soldato
- Joined
- 18 Oct 2002
- Posts
- 8,253
- Location
- The Land of Roundabouts
gdpr is a rabbit hole, the more i think about it the more headaches i see.
from user drives to databases in now apparent dire need of cleansing. in fact I'm going pretty insane when i think about it!..
so i'd be interested to hear any story's on your approach
one of our functions is recruitment so as you can imagine we hold cv's, lots of cv's. users are lazy they store them here there and everywhere. A lot of it will have been obtained by people applying for jobs but we also gain cv's from the likes of JobServe through our subscriptions/watchdogs and the owner may not be fully aware we hold there data.
But on the flip side this is a really good opportunity to do a decent data cleanse and get proper procedures in place (though that's not my call), I've gone through our archives and removed a ton of old user data and saved a bucket on backup exposure, but one item I've yet to really tackle is archives of mailboxes in the form of PST's, the chances of these every being looked at is pretty slim but there is a likelihood they contain personal data so I'm airing on deleting them but they also contain correspondence that we may need however small the likely hood is.
I'm wondering if we can sit on the pst's or will we need to go thorough each one cleansing any personal identifying information.
its really frustrating as a lot of it is down to interpretation to what you classify as pii and your own risk assessments vs a proper clarification.
from user drives to databases in now apparent dire need of cleansing. in fact I'm going pretty insane when i think about it!..
so i'd be interested to hear any story's on your approach
one of our functions is recruitment so as you can imagine we hold cv's, lots of cv's. users are lazy they store them here there and everywhere. A lot of it will have been obtained by people applying for jobs but we also gain cv's from the likes of JobServe through our subscriptions/watchdogs and the owner may not be fully aware we hold there data.
But on the flip side this is a really good opportunity to do a decent data cleanse and get proper procedures in place (though that's not my call), I've gone through our archives and removed a ton of old user data and saved a bucket on backup exposure, but one item I've yet to really tackle is archives of mailboxes in the form of PST's, the chances of these every being looked at is pretty slim but there is a likelihood they contain personal data so I'm airing on deleting them but they also contain correspondence that we may need however small the likely hood is.
I'm wondering if we can sit on the pst's or will we need to go thorough each one cleansing any personal identifying information.
its really frustrating as a lot of it is down to interpretation to what you classify as pii and your own risk assessments vs a proper clarification.
