GDPR and Service Portal Screenshots

[chrisnutt]

Hi All,

I've just been demonstrating the system to the Head of our CRM department and he raised a very good (if not interesting) question regarding screenshots being pasted/attached to requests in the Service Portal.

With GDPR not far away, there is a possibility of data being added to requests in the form of screenshots. I was asked, is it possible to restrict this feature on certain Services and/or Catalog items to avoid this being an issue?

Hope this has been clear.

Thanks in advance!

Chris

[Gerry]

Hi Chris,

In answer to your question, yes it would be possible to restrict specific capabilities such as pasting/posting images into a timeline BUT I would add caution to this, the intent behind GDPR is important but not even the policy makers are intending to cripple businesses. 

I have a rhetorical question on this, really as a point of interest. How would you solve this problem with e-mail?

Gerry

[chrisnutt]

The screenshot thing is being welcomed on one hand because our membership department has been crying out for something like this, but at the same time, it does present this problem and gives pause for thought. As you point out, you'd have the same problem with email - would you believe me if I told you I'm pestering Microsoft too?  

Regardless of intention, the policy makers are going to create something that will cause us all headaches and the costs of getting this wrong will be crippling (to us at least), so err on the side of caution is what I (and my bosses) say! It may be that a policy will be required for all those involved in personal data, that covers email and the Service Portal.

From what you say, I am inferring that it is not something that is currently possible but could be. Is that a correct inference? If so, will it be done?

Thanks

[Gerry]

Hi Chris,

Thanks for the update.  Well like most vendors we are trying to understand what GDPR really means, until now I have been avoiding knee jerk reactions developing features that *might* help our customers with GDPR compliance, it would be a terrible wast of time and effort to develop stuff "just in case" so we have been holding off on any actions around this until we are sure its going to be of any use.  I appreciate that people are looking for quick "just in case" fixes, thats a very common theme at the moment but I am keen to make sure our development efforts are channeled into areas that are going to be useful to the majority of our customers. 

On the one hand I can see the merit in what you are asking for but I can also see how this will only solve one small and specific issue, thats why I asked the question about email, I would be very interested to know what Microsoft's official line on this would be, because I cannot see how that could solve a problem, what about links to personal data, or URL's that contain personal data as params, or attachments that contain personal data, what about if those attachments contain an image in a zip file. etc etc.  GDPR compliance first and foremost will need to be managed by policy, locking down systems capabilities will only get an organisation a very small way along the journey. 

So I can confirm that what you are asking for would be possible to implement, but its not currently on our development agenda for the reasons stated above. 

Would love others to Chime In on this topic though...

Gerry

 

[chrisnutt]

Thanks Gerry,

That's fine. Totally understand what you're saying. Just needed a definitive to give to my bosses on the question they asked me. They'd not like me to answer a question with another question, no matter how valid!

Chris

[Gerry]

Hi Chris,

I have started a closed conversation group discussion around GDPR related issues, if you want to join the conversation let me know.~
 

Gerry

[chrisnutt]

Hi Gerry,

Yes, I think I'd like to join. I don't think I'll be able to contribute too much to the conversation but I might learn some things!

Chris