With the introduction of Unified Retention & Retention Labels in the Security and Compliance, many customers have questions on the differences between Unified Retention, Retention Labels and MRM rete...
Updated Jul 01, 2019
Version 2.0
Blog Post
GDPR Question on Retention
We have 2 conflicting company (not SCC) polies we are trying to comply with.
1. Retain all data for 7 years,
2. Prevent any user accidently or on purpose purging emails (Or SP Files) or setting a Label on purpose to purge.
3. Except if we get a DSAR and find some personal data (E.g. Someone passport photo that they accidently sent us years ago), and acting on the "Right to be forgotten" by putting that one email "beyond use" e.g. purged.
1. The SCC 7 Year default retention seems to fit one part of the requirement easily.
2. Ill not allow any Outlook published policy labels except perhaps archive
3. I can then use eDiscovery to find the example Passport email
---- But when I attempt to delete, the default policy surely remains based on the precedence of "longest retention wins"???
How do I make this work? Happy to perform Powershell SCC for hard deletes, as long as I can override the default Policy for a single item by force, as admin, etc.
Kindest
Martin