Managing personal information in accordance with GDPR

As an administrator, you might experience users asking that their personal information (PI) be erased or corrected in accordance with the EU General Data Protection Regulation (GDPR). This section describes the most common scenarios that you might encounter and the actions that you need to take to satisfy the user requests.

Let’s say that a user who has left the company, for example, Carla Smith, requests to have her personal information erased. Most scenarios involve your changing the user’s name and email address so that they no longer reveal the user's identity. “Carla Smith” would become, for example, “Former Employee57” and her email address “formerempl57@organization," depending on what system of pseudonymised names and addresses your organization decides on. Your organization should keep accurate records of these changes to avoid confusion should you have future dealings with the same users.

Note: If your Connections deployment is integrated with IBM FileNet, actions taken by the Connections Administrator cannot erase user PI stored in FileNet. For instructions on how to pseudonymise or delete personal data in FileNet, see the GDPR Overview section in the IBM FileNet P8 Platform documentation in IBM Knowledge Center.