It is crucial for organizations that the documentation in their wiki is stored in a comprehensible and revision-proof manner. BlueSpice MediaWiki now supports you in the balancing act between traceability and data protection. Against the background of the General Data Protection Regulation (GDPR), we have revised our enterprise wiki software with regard to the protection of personal data.
The GDPR defines a number of basic rights that are also relevant for BlueSpice MediaWiki users:
- Information: Users have the right to know what data about them is stored in the system.
- Data portability: Users must be able to extract the data stored on a platform and transfer it to another system.
- Correction, erasure or blocking: Users may request or arrange for their data to be corrected. They may also request the deletion or blocking of access to their data.
- Forgetting: It must be possible to cancel the linking / assignment of data to individual users.
- Consent: Users must be able to give their differentiated consent to the storage and use of their data.
Implementation in BlueSpice MediaWiki: the privacy center
To support the protection of privacy, BlueSpice MediaWiki now delivers the Privacy Center, which every user can access via the personal menu. Various actions can be performed here:
- Request anonymization: A user can request that his name be made unrecognizable. To do this, he can either assign a pseudonym himself or accept the system’s suggestion.
- Request deletion: A user can request that his account and all associated data be removed. For reasons of consistency and traceability, however, this is not completely possible in BlueSpice when it comes to assigning content contributions. We follow a pool approach here. This means that all data that must continue to be held are assigned to a collection user and are therefore no longer individually identifiable.
By the way, the correction of personal data can normally be carried out by the users themselves, as they can edit the content and their profiles themselves.
Information about the data collected
The privacy center also includes a function to provide information about the data collected. These are determined at the push of a button and include all personal details (e.g. name and e-mail), work data (e.g. saved reminders or workflows), log data (e.g. when which article was edited) and mentions of the person in the content. In a further step, these can be exported as HTML or CSV files.
Balancing user interest and accountability
In a company wiki, the legitimate interest of the user in the protection of personal data is matched by the requirements of traceability and accountability of the company. For example, companies may have to prove exactly which person made which content change at which time. For this reason, both anonymization and deletion must be confirmed by an authorized person. In the future, this will be done via a central administration interface.
Summary and outlook
The privacy extension is delivered with all editions of BlueSpice MediaWiki. It supports the operators of platforms in complying with the requirements of the GDPR and maps them in the software. The team of Hallo Welt! GmbH continues to work continuously to adapt the software to a rapidly changing legal environment and to meet the current interpretations of the GDPR.
Let’s wiki together!
Author: Markus Glaser, Hallo Welt! GmbH