Forum Discussion
Personal data deletion of an employee who has left the organization few years back
Hi There, We have got a request from the DPO to delete all the personal data of an employee who has left the organization 3 years back. Now the definition of personal data as mentioned by the DPO is...
I'm probably too late for this since your timeline for this DSR has probably already expired. In the situation you've mentioned - where the individual is named in the created by or last modified by fields - I would ask your DPO whether these actually count. Yes, they do help identify the individual; however these could be considered business-critical information at which point they can be exempted from GDPR because the content could become irrelevant without the provided context.
Now, of course, if the content found is no longer business relevant then it does need to be deleted. When I run into these requests (generally for Exchange content) I use Purview Content Search. Once you have your content search returning everything, you just need a little PowerShell. Note the example below is what I use for Exchange Online, but it should be similar for SPO
Connect-IPPSSession
Now find the name of your Content Sarch
Get-ComplianceSearchAction
Now perform the deletion action
New-ComplianceSearchAction -SearchName "XXXcontentsearchnameXXX" -Purge -PurgeType HardDelete