Dokumentation according to data protection rights – BlueSpice MediaWiki and the GDPR

It is crucial for organizations that the documentation in their wiki is stored in a comprehensible and revision-proof manner. BlueSpice MediaWiki now supports you in the balancing act between traceability and data protection. Against the background of the General Data Protection Regulation (GDPR), we have revised our enterprise wiki software with regard to the protection of personal data.

The GDPR defines a number of basic rights that are also relevant for BlueSpice MediaWiki users:

  • Information: Users have the right to know what data about them is stored in the system.
  • Data portability: Users must be able to extract the data stored on a platform and transfer it to another system.
  • Correction, erasure or blocking: Users may request or arrange for their data to be corrected. They may also request the deletion or blocking of access to their data.
  • Forgetting: It must be possible to cancel the linking / assignment of data to individual users.
  • Consent: Users must be able to give their differentiated consent to the storage and use of their data.

Implementation in BlueSpice MediaWiki: the privacy center

To support the protection of privacy, BlueSpice MediaWiki now delivers the Privacy Center, which every user can access via the personal menu. Various actions can be performed here:

  • Request anonymization: A user can request that his name be made unrecognizable. To do this, he can either assign a pseudonym himself or accept the system’s suggestion.
  • Request deletion: A user can request that his account and all associated data be removed. For reasons of consistency and traceability, however, this is not completely possible in BlueSpice when it comes to assigning content contributions. We follow a pool approach here. This means that all data that must continue to be held are assigned to a collection user and are therefore no longer individually identifiable.

By the way, the correction of personal data can normally be carried out by the users themselves, as they can edit the content and their profiles themselves.


BlueSpice privacy center
Screenshot: BlueSpice privacy center


Information about the data collected

The privacy center also includes a function to provide information about the data collected. These are determined at the push of a button and include all personal details (e.g. name and e-mail), work data (e.g. saved reminders or workflows), log data (e.g. when which article was edited) and mentions of the person in the content. In a further step, these can be exported as HTML or CSV files.

Consent to the privacy policy and use of cookies

Last but not least, the privacy center also allows users to give or withdraw their consent to the privacy policy and to the use of cookies. This will also be requested when the user logs in for the first time. A refusal does not initially have any direct consequences. In the administration interface, however, authorized persons can see which employees have given their consent. They can then decide how to proceed in the event of rejection.

Balancing user interest and accountability

In a company wiki, the legitimate interest of the user in the protection of personal data is matched by the requirements of traceability and accountability of the company. For example, companies may have to prove exactly which person made which content change at which time. For this reason, both anonymization and deletion must be confirmed by an authorized person. In the future, this will be done via a central administration interface.

Summary and outlook

The privacy extension is delivered with all editions of BlueSpice MediaWiki. It supports the operators of platforms in complying with the requirements of the GDPR and maps them in the software. The team of Hallo Welt! GmbH continues to work continuously to adapt the software to a rapidly changing legal environment and to meet the current interpretations of the GDPR.

Let’s wiki together!

Author: Markus Glaser, Hallo Welt! GmbH

You Might Also Like

Leave a Reply