GDPR - Goals Data Deletion and Anonymization
- Individual Goals - If the user is the Goal Owner, the goal is deleted.
- Shared Goals - If the user is the Goal Owner of a shared goal, the goal is deleted.
- Manager Comments - If the user is a manager who has added comments to a subordinate's goal, the manager's core data such as First Name, Last Name, and Email Address are anonymized. That is, the comments remain intact, but any references to the manager are anonymized.
When a data deletion request is made based on time, the goal due date is used to determine when the data is deleted or anonymized. If the goal does not have a due date, then the goal creation date is used.
Considerations for Goals:
- When a user requests to be forgotten OR that user’s data is outside of the data retention period and that user has created a Feedback request, then any goals that are used in the Feedback Requests are not deleted since the Feedback Request uses a snapshot of the goal from when the request is made. A best practice for administrators is to request the deletion of both Goal and Feedback Requests.
When a user requests to be forgotten OR that user’s data is outside of the data retention period and that user has goals within a Goal Rating or Goal Planning section of a Completed or Expired performance review, then those goals are not deleted because the goals reflected in these sections are snapshots of the goals. A best practice for administrators is to request the deletion of both Goal and Performance Review data.
- If an owner of a shared goal is leaving a legal entity, a best practice is to reassign the shared goal prior to making a data deletion request. This can be done from the Goals Edit page or the Manage Shared and Dynamic Goals page. The owner can re-assign the goal in the Managed by section.