GDPR Retention Label Removal

%3CLINGO-SUB%20id%3D%22lingo-sub-1388964%22%20slang%3D%22en-US%22%3EGDPR%20Retention%20Label%20Removal%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1388964%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20need%20to%20migrate%20a%20tenant%20to%20a%20new%20tenant.%20GDPR%20Labels%20have%20been%20running%20in%20OneDrive%2C%20SharePoint%20and%20Exchange.%3C%2FP%3E%3CP%3EIf%20we%20migrate%20by%20using%20a%20program%20such%20as%20Move%20in%20O365%20must%20the%20GDPR%20Label%20be%20switched%20off%3F%3C%2FP%3E%3CP%3EI%20it%20must%20be%20switched%20off%20-%20How%20long%20before%20we%20migrate%3F%3C%2FP%3E%3CP%3EI%20believe%20that%20all%20stored%20documents%20are%20now%20encrypted%20in%20OneDrive%20and%20SharePoint.%3C%2FP%3E%3CP%3EAny%20interference%20to%20be%20expected%20in%20Teams%3F%3C%2FP%3E%3CP%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Niek_Meerkotter_0-1589455238419.jpeg%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F191630iFB618DD1CC68799C%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20title%3D%22Niek_Meerkotter_0-1589455238419.jpeg%22%20alt%3D%22Niek_Meerkotter_0-1589455238419.jpeg%22%20%2F%3E%3C%2FSPAN%3E%3CSPAN%20class%3D%22lia-inline-image-display-wrapper%20lia-image-align-inline%22%20image-alt%3D%22Niek_Meerkotter_1-1589455255849.jpeg%22%20style%3D%22width%3A%20400px%3B%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fgxcuf89792.i.lithium.com%2Ft5%2Fimage%2Fserverpage%2Fimage-id%2F191631i38D87310F51F2053%2Fimage-size%2Fmedium%3Fv%3D1.0%26amp%3Bpx%3D400%22%20title%3D%22Niek_Meerkotter_1-1589455255849.jpeg%22%20alt%3D%22Niek_Meerkotter_1-1589455255849.jpeg%22%20%2F%3E%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-1388964%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3ECompliance%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3EMigration%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1396114%22%20slang%3D%22en-US%22%3ERe%3A%20GDPR%20Retention%20Label%20Removal%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1396114%22%20slang%3D%22en-US%22%3EYes%20any%20document%20you%20migrate%20to%20the%20new%20tenant%20should%20first%20be%20decrypted%20otherwise%20disruption%20will%20occur%20when%20accessing%20that%20content%20in%20the%20future.%3CBR%20%2F%3E%3CBR%20%2F%3EFor%20example%3A%3CBR%20%2F%3E-%20when%20the%20user's%20identity%20is%20migrated%20from%20the%20source%20tenant%20to%20the%20target%20tenant%2C%20for%20example%2C%20the%20UPN%20suffix%20(%40domain.com)%20then%20the%20users%20won't%20be%20able%20to%20authenticate%20to%20open%20the%20AIP%20encrypted%20data%3CBR%20%2F%3E-%20if%20the%20source%20tenant%20is%20ever%20decommissioned%20then%20the%20AIP%20content%20will%20be%20unreadable.%3CBR%20%2F%3E-%20Probably%20several%20other%20scenarios%20too%20numerous%20to%20mention.%3CBR%20%2F%3E%3CBR%20%2F%3EThe%20Auto-Label%20policy%20doesn't%20have%20any%20setting%20of%20automatically%20removing%20encryption%20from%20all%20documents%20that%20it%20has%20applied%20to.%20This%20means%20if%20a%20user%20has%20downloaded%20a%20document%20to%20their%20local%20hard%20drive%20then%20you%20won't%20be%20able%20to%20decrypt%20that%20document.%3CBR%20%2F%3E%3C%2FLINGO-BODY%3E
Occasional Visitor

We need to migrate a tenant to a new tenant. GDPR Labels have been running in OneDrive, SharePoint and Exchange.

If we migrate by using a program such as Move in O365 must the GDPR Label be switched off?

I it must be switched off - How long before we migrate?

I believe that all stored documents are now encrypted in OneDrive and SharePoint.

Any interference to be expected in Teams?

Niek_Meerkotter_0-1589455238419.jpegNiek_Meerkotter_1-1589455255849.jpeg

 

1 Reply
Yes any document you migrate to the new tenant should first be decrypted otherwise disruption will occur when accessing that content in the future.

For example:
- when the user's identity is migrated from the source tenant to the target tenant, for example, the UPN suffix (@domain.com) then the users won't be able to authenticate to open the AIP encrypted data
- if the source tenant is ever decommissioned then the AIP content will be unreadable.
- Probably several other scenarios too numerous to mention.

The Auto-Label policy doesn't have any setting of automatically removing encryption from all documents that it has applied to. This means if a user has downloaded a document to their local hard drive then you won't be able to decrypt that document.