Hi Michael Kirst-Neshva,
The trick with GDPR is informing users about what you are going to do with data and how you are storing it. When a user wants to have insight into what data you have about him/her, you can show it quickly and easily. Requesting data is not an issue, but you need to make it clear to the submitter what you are doing with the data and give them a chance to approve that they share data with you. Transparency is key here!
Your comment for example:
But what is with normal working use cases like in a company / school / club?
- Collecting personal information for a newsletter or quiz? - Users have to approve that their info can be used in receiving newsletters. If you can't show this, you are not allowed to randomly send newsletters. A check-box somewhere stating they approve is needed. More about Email marketing can be found: Here
- Data processing as HR, as human doctor, as teacher? - For HR take a look at this overview: HR Example.
Within Office 365 there are a lot of tools to help you with the data storage and security and search of user data:
- AIP (Azure Information Protection) for securing data/encryption. This can be done automatically based on labels or certain words.
- AIP Scanner (for data on file shares)
- DSR cases (for when someone wants to know what data is stored about them).
- GDPR Toolbox
- DLP
- eDiscovery
- Audit log
Microsoft is spending a lot of time/money on GDPR tools in Office 365, see: https://www.microsoft.com/en-us/TrustCenter/Privacy/gdpr/default.aspx
Hope this answers some of your questions.
Cheers,
Alexander