BlueSpice and the DSGVO/ GDPR

Against the background of the basic data protection regulation (DSGVO/ GDPR), we have revised our enterprise wiki software with regard to the protection of personal data.

Basic rights

The DSGVO / GDPR defines a set of basic rights, which are also relevant for the users of BlueSpice MediaWiki:

• Information: The users have a right to know what data about them is stored in the system
• Data portability: It must be possible for the users to extract the data stored on a platform and to transfer it to another system.
• Correction, deletion or blocking: Users can request or arrange for the correction of their data. They may also request the deletion or blocking of access to their data.
• Forgetting: It must be possible to remove the link between data and individual users.
• Consent: Users must be able to give differentiated consent to the storage and use of their data.

Implementation in BlueSpice MediaWiki: The Privacy Center

To support the protection of privacy, BlueSpice MediaWiki now delivers the Privacy Center, which every user can reach via the personal menu. Various actions can be carried out here:

• Request anonymization: A user can request that his name be made unrecognizable. To do this, he can either assign a pseudonym himself or accept the suggestion of the system.
• Request deletion: A user can request that his account and all associated data be removed. However, for reasons of consistency and traceability, this is not completely possible in BlueSpice when it comes to the allocation of content contributions. We follow a pool approach here. This means that all data that must still be retained is assigned to a collector user and is therefore no longer individually identifiable.

By the way: the correction of personal data can usually be done by the users themselves, since they can edit the content and their profiles themselves.

Information about the data collected

The Privacy Center also includes a function to provide information about the data collected. These are determined at the push of a button and include all personal details (e.g. name and e-mail), work data (e.g. stored reminders or workflows), log data (e.g. when which article was processed) and any mention of the person in the content. These can be exported as HTML or CSV files in a further step.

Consent to the privacy policy and the use of cookies

The Privacy Center allows users to give or withdraw their consent to the privacy policy and the use of cookies. This is also requested during initial registration. A refusal initially has no direct consequences. In the administration interface, however, authorized persons can see which employees have agreed. They can then decide how to proceed in case of a rejection.

Balancing user interest and accountability

In an enterprise wiki, the legitimate interest of the user in the protection of personal data is offset by the requirements of traceability and accountability of the company. For example, companies may have to prove exactly which person made which change to the content at what time. For this reason, both anonymisation and deletion must be confirmed by an authorised person. In future, this will be done via a central administration interface.

Summary and outlook

The privacy extension is delivered with all editions of BlueSpice MediaWiki. It supports the operators of platforms in complying with the DSGVO / GDPR and maps them in the software. The team of the Hallo Welt! GmbH continues to work continuously on adapting the software to a rapidly changing legal environment and to meet the current interpretations of the DSGVO / GDPR.

Let’s wiki together!