With GDPR now in effect, organizations are legally required to remove personal data once its purpose for processing has been met. In March of 2019 a Danish taxi company, Taxa 4×35, was fined $180,000 for failing to properly dispose of its customers’ personally identifiable data (PII). An audit found that the company was only removing the customer’s name from the documents, while other personally identifiable information such as telephone numbers and addresses remained.
This is easily avoidable with a proper DLP label retention policy for your PII, which can help automate the process of disposing of the data once your organization no longer has a use for it.
From the Admin Center in O365, navigate to the O365 Security and Compliance Center and create a label to which we will add a retention policy. For information on how to create a label, check out this blog post.
Underneath the Classifications tab, select ‘Label Policies’ and click on the Retention tab. From this wizard, in the advanced retention section, you can create and publish label policies which will automatically flag content for review and deletion after a set amount of time.
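The same label-and-publish flow can also be scripted with Security & Compliance PowerShell, which makes the retention settings reviewable and repeatable. This is an added example, not part of the original post; the label name, policy name, reviewer mailbox and 365-day period are assumed values, and it requires the ExchangeOnlineManagement module.

```powershell
# Added example: scripted equivalent of the portal steps above.
# All names, the reviewer address and the retention period are assumptions.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession   # interactive sign-in to Security & Compliance PowerShell

$labelName  = 'PII - Customer Records'        # hypothetical label name
$policyName = 'Publish PII Retention Label'   # hypothetical label policy name
$reviewer   = 'privacy-review@example.com'    # hypothetical disposition reviewer
$days       = 365                             # assumed retention period in days

# Create the retention label only if it does not already exist.
if (-not (Get-ComplianceTag -Identity $labelName -ErrorAction SilentlyContinue)) {
    # KeepAndDelete plus a reviewer: content is retained for $days after it is
    # labeled, then flagged for disposition review before deletion.
    New-ComplianceTag -Name $labelName `
        -Comment 'Customer PII; dispose once the processing purpose has been met' `
        -RetentionAction KeepAndDelete `
        -RetentionType TaggedAgeInDays `
        -RetentionDuration $days `
        -ReviewerEmail $reviewer
}

# Publish the label through a label policy so it can be applied to content.
if (-not (Get-RetentionCompliancePolicy -Identity $policyName -ErrorAction SilentlyContinue)) {
    New-RetentionCompliancePolicy -Name $policyName `
        -ExchangeLocation All -SharePointLocation All -OneDriveLocation All
    New-RetentionComplianceRule -Policy $policyName -PublishComplianceTag $labelName
}

# Confirm what was configured and whether the policy has been distributed.
Get-ComplianceTag -Identity $labelName |
    Format-List Name, RetentionAction, RetentionDuration, RetentionType, ReviewerEmail
Get-RetentionCompliancePolicy -Identity $policyName -DistributionDetail |
    Format-List Name, Enabled, DistributionStatus
```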
For more info on creating DLP policies in O365, check out some of our other blog posts in the O365 series here.
You can learn more about how your company can achieve compliance with GDPR and other data security regulations on our website.