Has anyone issued any guidance on possible GDPR implications for posting content onto Yammer which could potentially identify individuals either directly employed by the organisation or who may be a third party supplier. I'm thinking more photo content from activities either within offices, official company events or outside at ceremonies, social events etc. Often specific colleagues may be @mentioned or 'called out' giving the opportunity for them to respond and ask for content to be removed but more likely people will happen to be in the frame of the image captured.
I'd imagine policy can be worded to say that once you participate on the platform you implicitly give your consent for personally identifiable information to be stored and shared responsibly by explicitly accepting conditions of use. But does GDPR recognise this 'waiver'? What about when an employee leaves the organisation - can they ask for content to be removed or handed over?
Appreciate this is not quite a Yammer question - but interested to hear how businesses are providing guidance.