What should you be aware of with GDPR and Pronestor?
In general, there are a lot of great information here https://www.pronestor.com/gdpr/
But there is a little maintanence for users in Pronestor Planner.
The users in Pronestor have an email and a phone number connected. Pronestor uses this information to send emails to the users about their meeting reservations. But when an employee leaves your organization, they need to be removed in Pronestor Planner.
Which version does this extend to?
If you have a cloud solution, you have this feature. If you host your own server, please check your version whether you have this feature. This was introduced in Planner version 8.1.25 for new deletions, and in version 8.1.28 previously deleted users got anonymised and deleted in the database as well.
If you are importing users
You can simply remove them from the import (either by deleting them in active directory, removing them from the AD groups, or removing them from the importset). This will delete the user in Planner. Their future meetings won't be deleted but the owner will say "deleted" instead of the users name.
If you create users manually
Then you need to go into the administration module and delete them. Their future meetings won't be deleted but the owner will say "deleted" instead of the users name.
Can we recreate a user?
Yes, but only through the export. Every export includes a datasourceguid, and if a user is recreated in active directory, they will have the same datasourceguid and be recreated in the export.If the users datasourceguid is changed, they will instead be created as a new user.
Which data is affected?
This is an overview of the personal data that is in the Pronestor Planner database, and that is anonymised or deleted when the user is deleted:
- Password (this was stored in an encrypted state)
- Profile picture
- Exchange Distinguished Names
- Exchange Organizer SMTP Adresse for reservations