Press "Enter" to skip to content

SharePoint Online as data protection management system (DPMS)

The General Data Protection Rules (GDPR) entails many documentation obligations, in order to meet the requirements, many smaller and larger companies have built simpler and more complex solutions. However, instead of taking a 3rd party solution, it would be possible to implement a similar solution with existing IT. The SharePoint Online is suitable for this:


The requirements for a DPMS are quite well documented, here you can find some of the requirements:

  • Responsibilities of the departments, department heads, employees
    operational functions
  • audit capabilities
  • Processes (e.g. information, emergency)
  • Data protection impact assessments, if required.
  • Procedural and processing inventories
  • Documentation of the IT systems (e.g. Which attributes are synced into the cloud by AAD Connect?)
  • Legal basis of processing
  • Contracts and risk management of IT solutions

In addition, there are the technical requirements from the project

  • common cooperation
  • Rights management (editing for responsible persons and the data protection team, view for works council and data protection authority, employees if applicable)
  • versioning
  • reachability
  • adaptability of the solution

What does SharePoint Online have to offer?

SharePoint Online as a content management system makes it possible to manage the know-how and to fall back on existing strengths such as the intranet. With the design, customization and automation solutions it is possible to build a framework and scale it as often as desired.

  • Identity Management/ Authorization Management
  • Document management/ versioning
  • wiki
  • communication site
  • Microsoft Flow
  • Access at any time of day or night
  • intranet
  • various ready-made sites
  • Integration into the Office 365 system

SharePoint Online as DPMS

The following modules are planned for the time being:

  • GDPR – Dashboard over Graph with appropriate information and not “only” what the US ladies and gentlemen think
  • Tickets for inquiries and processes (internal an external)
  • Corresponding rights etc.
  • Contract board
  • Communication site with environmental parameters
  • Authorizations
  • Data protection impact assessment form with SPO List
    technical documentation with TOMs

Future – The Community Project

In the future I will build a DPMS system for data protection for the community.

  • Whitepaper with short concept
  • Demo environment for testing (see first pictures above) – Demo – Company rakoellner AG
  • DPMS Framework for SharePoint Online on GitHub (private:


First Screen (German)