GDPR: Make workflow notification secure - How to hide personnel data?
How to handle workflow notification with sensitive personnel data?
The HCM approval notifications are delivered as an entry in the worklist and sent as email to the recipient (employee, manager, HR etc.). The email could contain personnel data (marital status, termination reason, PII information, new address, salary or etc.). These emails can be easily forwarded to an unauthorized recipient. The deletion of emails with personnel data is additionally a challenge). This is creating a security risk and could create also a problem with the GDPR:
Is there any proposal/solution to handle this issue without switching off the email notifications of all workflows or single workflow tasks?