RGPD : SharePoint clean policy

Local admins must manage their data

This post is not about a global RGPD project in your organization, it’s a simple solution that site’s admins can apply in their sites, in their lists, in their libraries to ensure RGPD storage limitation compliance (chapter 5.e of RGPD).

This pragmatic solution is the feature named « Site Policy ».

blog ai3 ShpCleanPolicy02 RGPD : SharePoint clean policyTo explain how to use this feature, let’s take an example of an app managing visitor’s access badges:

  • Employees must bring an access badge to their visitors
  • There is a SharePoint list of badge’s requests
  • To ask for a new badge a user add a new item in this list, with his name, date of the visit and personal informations of the visitor
  • The security team prepare a badge with right access permissions and add the badge number in SharePoint
  • Finally, the badge is given to the welcome hostesses

 

  • This app have been built by a user in 2011
  • The question of data retention period have never been considered
  • All data since 2011 are still in the list when the company need to be able to retrieve visitors identity after the visits, but no longer that 6 months

Now there is a double question: how to delete right now items created more than 6 months before ?
How to do it periodically?

Solution: feature and settings

blog ai3 ShpCleanPolicy03 RGPD : SharePoint clean policy

The site admin must find a solution to delete items 6 months after their creation.

 

First of all he have to activate the « Site Policy » feature if not done yet

 

In the list’s settings he click on « Information management policy settings »

 

 

 

 

 

 

blog ai3 ShpCleanPolicy04 RGPD : SharePoint clean policy

He create a new Policy for the content type « Item »

 

In this Policy he enable retention and specify « Created + 6 months → Permanetly Delete »

 

He press « Ok » and it’s done!

 

And what happen immediatly? Nothing!

 

Items will be deleted later, by jobs scheduled in the SharePoint farm.

 

 

 

 

Jobs scheduled in the SharePoint farm

In the SharePoint farm, each Web App have 2 jobs:blog ai3 ShpCleanPolicy05 RGPD : SharePoint clean policy

  • Information management Policy : runs weekly and calculate updates expiration dates
  • Expiration Policy : runs weekly and process expired items

Detailed documentation: https://docs.microsoft.com/en-us/sharepoint/technical-reference/timer-job-reference-for-sharepoint-server-2016

In SharePoint on premises, by default theses jobs runs respectively  Friday and Saturday at 11 PM
This periodicity  can be changed in Central Administration or with PowerShell.

For SharePoint online, in the detailed documentation we can read that these jobs are not available.

However I have tested it in SharePoint online and it works!
I understand that « not available » mean I can’t decide the scheduled time of the jobs.

Conclusion: 3 good news

The point is to clean a list or a library periodically regarding on chapter 5.e of RGPD.

🙂 The solution described here is free: included in SharePoint.
🙂 The solution is light: data’s conservation periods defined directly by business lines actors.
🙂 The solution is efficient: one single action for cleaning several years old datas and for cleaning periodically from now.

Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *

Ce site utilise Akismet pour réduire les indésirables. En savoir plus sur comment les données de vos commentaires sont utilisées.