
GDPR and Workfront

Level 4
If you have not been caught up in the global craze that is GDPR, then count yourself lucky! However, if you have information on EU Data Subjects in your Workfront environment, it's probably something you've put some thought behind. In particular, there is one area that I have questions on that I was hoping the good people on the forum could help me with.

One of the key components that GDPR looks at is the retention of data on Data Subjects. Until now, when someone has left our firm and they had a Workfront account, we have Deactivated the account but never deleted it. The same goes for Projects. Once a project is closed, we mark it as Closed and never think about it again.

In a GDPR world, it won't be that simple. Many European authorities believe that data (we'll call it PII for simplicity's sake) on Data Subjects who are no longer employees of the organization must be purged as quickly as possible (I know some authorities feel 3 years is the max). Obviously, user accounts for departed employees would fall under that and if a Project features information on departed employees, projects themselves would apply as well.

So, as a non-deleter, my questions are:

Is there anything "bad" that happens when you delete a user's account?

What impact does deleting a user's account have on project time sheets, tasks, etc.?

If a user is listed in a field, like for example Project Sponsor or Primary Contact, what happens to that field after they are deleted? Does it retain their name or leave it blank?

What happens if you delete a project that has been closed for years and has thousands of hours recorded to it? Any unforeseen consequences I should know about?

Does anyone do anything to get around deleting user accounts? Like go in and put in fake names and alter the other data to make it unrecognizable?

Jason Maust
McGuireWoods LLP

3 Replies

Level 3
I'm interested in the feedback you get around this as well. When we implemented WF, we were pretty strictly told that we should never delete users. After a quick search on the help site, I found this:

Level 4
I had the same thought about leaving everything but e-mail. My hesitance is that my e-mail, which starts 'jmaust', is in itself fairly identifiable. And e-mail address is a data element specifically called out by GDPR. I don't know if it matters that the e-mail is no longer valid.

Jason Maust
McGuireWoods LLP

Level 10
Now THIS sounds like a job for FUSION! (Ahhh: so nice to at last be able to use that word in public!) I sense the need for the "Apply GDPR Compliance" Fusion flo, which, when run on demand for a recently departed Workfront User, will Do The Right Thing in Workfront.

@Melinda Layten, may I offer you first dibs?

Regards,
Doug

Doug Den Hoed - AtAppStore
Got Skills? Lend a hand! https://community.workfront.com/participate/unanswered-threads