Overview

This guide provides detailed insights into the user deprovisioning process on PlusPlus, highlighting the steps taken to manage user access and ensure data privacy and compliance. It is designed to assist administrators in navigating the platform's settings and processes related to user data handling.

Upon the removal of a user through people integration, PlusPlus takes several immediate steps to comply with GDPR and other data protection regulations:

After the SCIM integration notifies us of a user's status change, the user immediately loses access to PlusPlus. However, their account is not instantly deprovisioned. We enforce a default quarantine period of 7 days, which administrators can adjust in Settings > Privacy, to allow for any necessary adjustments or reviews before finalizing the deprovisioning.

In alignment with data protection standards, we ensure that an employee's PII is securely deleted within a maximum of 30 days following their termination. This practice safeguards personal data and supports our commitment to privacy and compliance.

It's important to understand the difference between deprovisioning and deletion. Deprovisioning involves making a user's PII anonymous within the platform, effectively obscuring their identity without erasing their historical data. This allows for continued access to engagement records and reporting accuracy. In contrast, deletion permanently removes all traces of a user from PlusPlus. This action is generally reserved for when a customer fully exits the platform.

Administrators can verify their current settings regarding user deprovisioning versus deletion in the Security > Privacy section of the admin settings. This section also details how access to PlusPlus is managed following the disabling of a user's login capabilities by an SSO provider, including the retention period for the user's PII.

To maintain accurate reporting and insights, PlusPlus retains the engagement records of deprovisioned users. This approach ensures that historical data, such as course completions, remains intact and reflective of actual user engagement. Administrators can access this data by filtering for terminated users, using the employee ID to locate specific records.

If calendar integration is active, special consideration is given to the ownership of calendar events. To prevent outdated or duplicated calendar events following a user's deprovisioning, PlusPlus automatically reassigns event ownership according to a set hierarchy: Organizer, Co-organizers, and Presenters. A fallback email for event ownership can also be configured in Settings > Calendar Integrations, ensuring that events remain up-to-date and accessible.

This guide outlines the processes and considerations for user deprovisioning and data management on PlusPlus. By following these guidelines, administrators can effectively manage user access, ensure compliance with data protection regulations, and maintain the integrity of engagement data and reporting. For additional support or clarification on these processes, administrators are encouraged to consult PlusPlus Data Policy or contact [email protected].