Local admins must manage their data
This post is not about a global RGPD project in your organization, it’s a simple solution that site’s admins can apply in their sites, in their lists, in their libraries to ensure RGPD storage limitation compliance (chapter 5.e of RGPD).
This pragmatic solution is the feature named « Site Policy ».
To explain how to use this feature, let’s take an example of an app managing visitor’s access badges:
- Employees must bring an access badge to their visitors
- There is a SharePoint list of badge’s requests
- To ask for a new badge a user add a new item in this list, with his name, date of the visit and personal informations of the visitor
- The security team prepare a badge with right access permissions and add the badge number in SharePoint
- Finally, the badge is given to the welcome hostesses
- This app have been built by a user in 2011
- The question of data retention period have never been considered
- All data since 2011 are still in the list when the company need to be able to retrieve visitors identity after the visits, but no longer that 6 months
Now there is a double question: how to delete right now items created more than 6 months before ?
How to do it periodically?
Solution: feature and settings
The site admin must find a solution to delete items 6 months after their creation.
First of all he have to activate the « Site Policy » feature if not done yet
In the list’s settings he click on « Information management policy settings »
He create a new Policy for the content type « Item »
In this Policy he enable retention and specify « Created + 6 months → Permanetly Delete »
He press « Ok » and it’s done!
And what happen immediatly? Nothing!
Items will be deleted later, by jobs scheduled in the SharePoint farm.
Jobs scheduled in the SharePoint farm
In the SharePoint farm, each Web App have 2 jobs:
- Information management Policy : runs weekly and calculate updates expiration dates
- Expiration Policy : runs weekly and process expired items
In SharePoint on premises, by default theses jobs runs respectively Friday and Saturday at 11 PM
This periodicity can be changed in Central Administration or with PowerShell.
For SharePoint online, in the detailed documentation we can read that these jobs are not available.
However I have tested it in SharePoint online and it works!
I understand that « not available » mean I can’t decide the scheduled time of the jobs.
Conclusion: 3 good news
The point is to clean a list or a library periodically regarding on chapter 5.e of RGPD.
🙂 The solution described here is free: included in SharePoint.
🙂 The solution is light: data’s conservation periods defined directly by business lines actors.
🙂 The solution is efficient: one single action for cleaning several years old datas and for cleaning periodically from now.