Data Subject Access Requests

To help your organization comply with the General Data Protection Regulation (GDPR), IBM® Storage Protect for Cloud Microsoft 365 provides a tool that discovers all copies of the Exchange Online Mailbox, SharePoint Online Site Collections and OneDrive backups of a given data subject that are stored by IBM Storage Protect for Cloud Microsoft 365 solution and deletes the user-generated backups of Mailbox, SharePoint Online Site Collections, and OneDrive. After the deletion, the entire object, along with all associated data, is permanently deleted.

About this task

The IBM Storage Protect for Cloud Microsoft 365 data stored on the backend is immutable to users. Administrators can enable data availability for data subject access requests in accordance with their organization’s GDPR policy.

Note the following:

• If you currently have no GDPR requests and want to avoid any accidental deletion of backup data, you can contact IBM Software Support to disable this feature. Note that the Data Subject Access Requests feature and the Manually Delete Backup Data feature will both be disabled.
• You can enable the approval process for data deletion in Settings > Security to avoid accidental data loss. With this feature enabled, data deletion requests and email notifications will be sent to the administrators when you delete data in Manually delete backup data and Data subject access requests. Then administrators can access the IBM Storage Protect for Cloud Microsoft 365 interface and click My Tasks () on the upper-right of the interface to approve or reject your requests. The deletion jobs will start when the requests are approved. Note that the requests will be automatically invalidated if not approved within 7 days. Complete the steps below:

1. Click Data Management > Data Subject Access Requests on the left page.
2. Click Discover & Delete to enter the What type of content are you looking to identify? page.
3. Select the content type that you are looking for. If you want to delete the mailbox backup of the data subject, select Exchange Online; to delete the backup of the data subject’s libraries, select OneDrive; to delete the backup of the site collection backup of the data subject, select SharePoint Online.
4. Enter the keyword to search for the data subject you are looking for. Select the data subject from the list and then click Apply. You can select multiple items in the search result.
5. You can export a list of recovery points to view the object backup history. Select the objects and click Export recovery point. A ZIP file will be automatically saved to the download location of your browser in the local computer.
6. Click Delete to delete all backup data for the selected objects from IBM Storage Protect for Cloud Microsoft 365.

   You can continue to discover and delete data, or click the View all the right to be forgotten requests to navigate to the Job Monitor page to view deletion jobs in response to right to be forgotten requests.