Data protection policy (DPP) and General Data Protection Regulation (GDPR) requirements call for “Erasure of PII data when the reason for capturing and processing has expired. This data, having a clearly defined purpose, and appropriate retention period, shall be irrecoverably erased once the retention period has expired”

How does Data Security work and how to enable it: 

By default, 'Data Retention Policy' is disabled. A user with Account Owner permissions will be able to enable it and define the data retention period. When enabled, PII data for qualified users will be purged after the retention period (qualified inactive user will be irreversibly deleted) on the 1st and 15th of each month in our scheduled purge runs.

This setting can be enabled at: Account > Data Security > Data Retention Policy Settings. Note: The minimum retention period is set at 6 months. The retention can be set in months or years. 

Who will be affected by enabling Data Retention policy:

Active users : Active users will not be affected by the data retention policy. 

Deactivated users: Deactivated users will be affected by the data retention policy

• Only personally identifiable data (PII data) of deactivated users who fall outside the org defined data retention window will be purged. In other words, the user profile will be deleted.
• If an admin updated an user's profile or updated their achievement that user will fall back on purge eligibility.
• Personally identifiable data (PII data) includes all the user profile fields including, default fields, Legacy custom fields and Advanced custom fields.
• The PII data purge job runs on 1st and 15th of every month Account Owners can set purge email reminders to be made aware of an upcoming purge.

Blocked users (NEW): Data retention policy does not affect blocked users.

• A deactivated user can be blocked by Account owner from data purge in case of legal conflict for example.
• Blocked users cannot be un-blocked under any circumstance (due to security reasons)

Who are blocked users 

A deactivated user can be blocked to be protected from system purge in case of legal conflict for example. Only an Account owner is able to block a user from system purge and general view. A blocked user cannot be un-blocked (due to security reasons) and can only be deleted when the purpose of block is fulfilled.

How can an Account Owner block a deactivated user

When Data retention policy is Enabled there will be a sub-tab on the Account >Data security>  Deactivated users. This tab will list all deactivated users, days until they will be purged, Access level and the Action ( block and delete) . Here the Account owners can choose to block a user by clicking on the ‘Block’.

Is there a separate log of the GDPR policy setting updates

There will be new History log that will capture field level changes to the retention policy settings and data purge details. This log is only available for the Account owners under  Account > Data security > History Logs. Account owners can also download all the data in a CSV 

User status : action and access permissions