What should you be aware of with GDPR and Pronestor?
In general, there are a lot of great information here https://www.pronestor.com/gdpr/
But there is a little maintanence for users in Pronestor Planner.
The users in Pronestor have an email and a phone number connected. Pronestor uses this information to send emails to the users about their meeting reservations. But when an employee leaves your organization, they need to be removed in Pronestor Planner.
Which version does this extend to?
If you have a cloud solution, you have this feature. If you host your own server, please check your version whether you have this feature. This was introduced in Planner version 8.1.25 for new deletions, and in version 8.1.28 previously deleted users got anonymised and deleted in the database as well.
If you are importing users
You can simply remove them from the import (either by deleting them in active directory, removing them from the AD groups, or removing them from the importset). This will delete the user in Planner. Their future meetings won't be deleted but the owner will say "deleted" instead of the users name.
If you create users manually
Then you need to go into the administration module and delete them. Their future meetings won't be deleted but the owner will say "deleted" instead of the users name.
Can we recreate a user?
No. If a user is added to the import again, they are created as a new user. This new user will not be connected to the deleted users meetings or settings.
Which data is affected?
This is an overview of the personal data that is in the Pronestor Planner database, and that is anonymised or deleted when the user is deleted:
- Password (this was stored in an encrypted state)
- Profile picture
- Exchange Distinguished Names
- Exchange Organizer SMTP Adresse for reservations