With GDPR now in effect, organizations are legally required to remove personal data once its purpose for processing has been met. In March of 2019 a Danish Taxi company, Taxa 4×35, was fined $180,000 for failing to properly dispose of its customer’s personally identifiable data (PII). An audit found that the company was only removing the customer’s name from the documents, however other personally identifiable information such as telephone numbers and address’ remained.
This is easily avoidable with a proper DLP label retention
policy for your PII which can help automate the process of disposing the data
once your organization no longer has a use for it.
From the Admin Center in O365, navigate to the O365 Security and Compliance Center and create a label which we will add a retention policy to. For information on how to create a label, check out this blog post
Underneath the Classifications tab Select ‘Label Policies’ and click on the Retention tab. From this wizard in the advanced retention section, you can create and publish label policies which will automatically flag content for review and deletion after a set amount of time.
For more info on creating DLP policies in O365 check out some of our other blog posts in the O365 series here.
You can learn more about how your company can achieve compliance with GDPR and other data security regulations on our website.
Chris studied Information Systems at Hofstra University before joining Stealthbits – now part of Netwrix where he took on the role as the Technical Product Manager of SharePoint, Dropbox, and Box solution sets. His focus is primarily on SharePoint security, but data security, in general, is a passion. Aside from technical interests, he enjoys the outdoors and hopes to one day start an animal rescue and rehabilitation center for injured, disabled, and orphaned animals.
Stealthbits Credential and Data Security Assessment
Proper data security begins with a strong foundation. Find out what you're standing on with a free deep-dive into the security of your Structured and Unstructured Data, Active Directory, and Windows infrastructure.
Leave a Reply