Under principle 5 of the Data Protection Act, schools need to ensure that cloud service providers "retain personal data no longer than is necessary for the purpose they obtained it", and this obligation continues to be important under GDPR. We want to help you meet this challenge.
One of the key benefits of RM Unify automating your user management is that it helps you keep cloud services in sync as users leave your institution. This ensures that cloud service providers know that they can now clear up the data of staff and students who have left. Today, when a user is deleted from your RM Unify establishment, we do the following:
- Office 365 - unlicense the user
- G Suite - suspend the user
- Third-party apps with auto-provisioning - tell them that the user has been deleted
This leaves you to hard-delete the user from Office 365 or G Suite.
From 2nd October 2017, we will start running a regular data housekeeping process which will spring-clean your Office 365 and G Suite accounts. This will remove any accounts that were linked to an RM Unify user who was deleted over nine months previously.
We will also remove all data that RM Unify holds pertaining to those users. We will publish a support article explaining how you can exclude particular Office 365 and G Suite accounts from this process.
We believe that nine months is long enough to ensure that the person is not returning to your institution and gives you sufficient time to recover any Office 365 or G Suite files that you need. This should be completely transparent to all our schools, but we feel it is important for you to know how seriously we take our obligations under GDPR. If you have any questions about the G Suite and Office 365 housekeeping process, please get in touch with the support team.
Please note: Third-party apps are responsible for their own data retention policies and conformance with GDPR - please contact the cloud app vendor for more information.