Planner and GDPR
What should you be aware of with GDPR when using Planner?
In general, there are a lot of great information here https://signinworkspace.com/company/gdpr
But there is a little maintenance for users in Planner.
The users in Planner have an email and a phone number connected. Planner uses this information to send emails to the users about their meeting reservations. But when an employee leaves your organization, they need to be removed in Planner.
Which version does this extend to?
If you have a cloud solution, you have this feature. If you host your own server, please check your version whether you have this feature. This was introduced in Planner version 8.1.25 for new deletions, and in version 8.1.28 previously deleted users got anonymized and deleted in the database as well.
If you are importing users
You can simply remove them from the import (either by deleting them in active directory, removing them from the AD groups, or removing them from the importset). This will delete the user in Planner. Their future meetings won't be deleted but the owner will say "deleted" instead of the users name.
If you create users manually
Then you need to go into the administration module and delete them. Their future meetings won't be deleted but the owner will say "deleted" instead of the users name. You can also setup automatic deletion of inactive users.
Can we recreate a user?
Yes, but only through the export. Every export includes a datasourceguid, and if a user is recreated in active directory, they will have the same datasourceguid and be recreated in the export. If the users datasourceguid is changed, they will instead be created as a new user.
Which data is affected?
This is an overview of the personal data that is in the Planner database, and that is anonymized or deleted when the user is deleted:
Initials
Firstname
Lastname
Password (this is stored in an encrypted state)
Phone
Login
Profile picture
Exchange Distinguished Names
Exchange Organizer SMTP Adresse for reservations