Question

Data Retention Policy

  • 16 March 2023
  • 2 replies
  • 40 views

Hi, curious to hear what sort of Data Retention Policy/Schedule you might have for community content written by B2B users that do no longer work for the company they worked for when they posted? @Julian would you know of any common standards here for community created content? 


2 replies

Userlevel 2
Badge +3

Thanks for sharing this question, Anita. Here how we look at this topic:

Acessibility of your community

If your community is available to all, also former customers, then no real change would be necessary. You could build a flow (e.g. article guide) for users to contact you via email to update user records (email address) to allow notfications to be received in the future. This could also be triggered by internal flows (e.g. adding the community email address to customer offboarding processes).

If your community is not visible / available for non-customers, then you should continue with the step below.

Login / User management

If your users are logging in only via SSO, customer records could be updated automatically (updating email and potentially profile information), same for permissions (denying access by changing role after not being a customer / employee at a customer any more). This is then managed by your CRM / identity provider and will work automatically. E.g. if an ex-customer cannot log in anymore via SSO, access will be denied automatically.

If that is not the case, then you need to make sure that you have processes in place to manually monitor offobarding, as described above.

Erasing users is not advised, unless the user requests so in the context of GDPR, simply as it would make content increasingly unreadable.

Content

Now in general the focus should be to remove as little content (topics, replies) as possible - for reasons mentioned above. You just need to make sure that no personal data is being stored after a customer has been offboarded as a customer. 

Of course, should your users discuss any private / confidential information which is company-specific, I would recommend to sccramble such information by manual edits. Each community has to review how strict they want to enforce this policy, as the nature and quality of conversations differs a lot between individual communities.

Hope this helps!

Hi, I believe the recent EU GDPR rules require us to not keep customer specific data forever, even when users do not actively contact us for this. Can you please share Gainsight’s policy of handling GDPR? 

https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679

https://commission.europa.eu/law/law-topic/data-protection/reform/rules-business-and-organisations_en

@olimarrio would you have any insights?

Reply