Handling the apparent paradox of permanent records in Agile PLM with the new GDPR
I’m hearing a lot of talk on the new European General Data Protection Regulation and how it requires companies to not store personal data after a certain period for people no longer employed at the company.
Any of you good folks run into this?
Without having received any specifications, I can hear from the legal department that retaining full name and title could be an issue. This is of course part of the user accounts in Agile, and is part of the permanent Audit trail of the user in the system: creations and approvals throughout their time. There are other regulations that require us to keep those records.
Any insights and experiences would be most welcome!
Well, names (usernames, that is) and oftentimes job titles aren’t considered PII, unless the EGDPR as you mentioned is considering it personal data. If compliance is that strict, do an import to update or nullify those selected data fields for inactive users. You could also develop a script to do just that for future user inactivations.
Username is not PII, so there shouldn’t be an issue with keeping that as is in your system. If you have to update the other fields, you can do so – Agile will need something in the First Name and Last Name fields, though it doesn’t have to be a person’s full name.