Automating GDPR Compliance Reporting using PnP PowerShell


The General Data Protection Regulation (GDPR) requires organizations to protect personal data and provide transparency about its usage. SharePoint Online administrators must regularly audit and report on GDPR compliance. PnP PowerShell enables automation of these compliance tasks, ensuring continuous monitoring and reporting.

Key Objectives:

✔ Identify and audit personal data stored in SharePoint
✔ Track access logs and permissions for sensitive content
✔ Automate GDPR compliance report generation


Step 1: Install and Connect PnP PowerShell

Ensure the latest PnP PowerShell module is installed:

Install-Module -Name PnP.PowerShell -Force -AllowClobber
Update-Module -Name PnP.PowerShell

Connect to SharePoint Online

# Connect to SharePoint Admin Center (recent PnP.PowerShell releases also require -ClientId
# pointing at your own Entra app registration for interactive sign-in)
Connect-PnPOnline -Url "https://yourtenant-admin.sharepoint.com" -Interactive

✔ Authenticates the session for GDPR-related queries.


Step 2: Identify Personal Data in SharePoint

Personal data (PII) includes names, emails, addresses, and financial records. The script below searches for potential GDPR-sensitive content:

$gdprKeywords = @("SSN", "Credit Card", "Passport", "Address", "Phone", "Email")

$results = @()
$sites = Get-PnPTenantSite

foreach ($site in $sites) {
    # One interactive sign-in per site; the signed-in account must be able to read the site,
    # because search results are security-trimmed to its permissions.
    Connect-PnPOnline -Url $site.Url -Interactive

    foreach ($keyword in $gdprKeywords) {
        # -TrimDuplicates is a switch and takes no $true argument;
        # -RelevantResults returns one flat object (Title, Path, ...) per hit.
        $searchResults = Submit-PnPSearchQuery -Query $keyword -TrimDuplicates -RelevantResults

        foreach ($item in $searchResults) {
            $results += [PSCustomObject]@{
                Site           = $site.Url
                FileName       = $item.Title
                Path           = $item.Path
                MatchedKeyword = $keyword
            }
        }
    }
}

$results | Export-Csv -Path "C:\Reports\GDPRDataLocations.csv" -NoTypeInformation
Write-Host "GDPR Data Report saved to C:\Reports\GDPRDataLocations.csv"

✔ Identifies files whose indexed name or content matches the keywords across all SharePoint sites. Search is security-trimmed and only covers content the index has already crawled, so the report is limited to files the connecting account can read and to items indexed at the time of the run.


Step 3: Audit Access to GDPR Data

To track who accessed sensitive data, generate an audit log report:

# The unified audit log is exposed through Exchange Online (ExchangeOnlineManagement module),
# not through PnP PowerShell, so connect to it first.
Connect-ExchangeOnline

$startDate = (Get-Date).AddDays(-30)
$endDate = Get-Date
$logFile = "C:\Reports\GDPR_Access_Audit.csv"

$logResults = Search-UnifiedAuditLog -StartDate $startDate -EndDate $endDate -Operations FileAccessed -ResultSize 1000

# Who, when and which file live inside the AuditData JSON string; the top-level record has no
# CreationTime/UserId columns of its own, so match on the JSON and then parse it.
$filteredResults = $logResults |
    Where-Object { $_.AuditData -match "SSN|Credit Card|Passport|Address|Phone|Email" } |
    ForEach-Object { $_.AuditData | ConvertFrom-Json } |
    Select-Object CreationTime, UserId, Operation, ObjectId

$filteredResults | Export-Csv -Path $logFile -NoTypeInformation

Write-Host "GDPR Access Audit Report saved to $logFile"

✔ Logs who accessed sensitive files and when.


Step 4: Review External Sharing of GDPR Data

To comply with GDPR, personal data should not be shared externally without proper approvals. The following script lists documents in the connected site's Documents library whose SharedWithUsers field is populated, i.e. files that have been shared with specific people (internal or external), so that the shares can be reviewed:

$externalSharingReport = "C:\Reports\GDPR_External_Sharing.csv"

# -PageSize keeps large libraries from hitting the list view threshold
$sharedFiles = Get-PnPListItem -List "Documents" -PageSize 500 | Where-Object { $null -ne $_.FieldValues["SharedWithUsers"] }

$sharedData = @()

foreach ($file in $sharedFiles) {
    $sharedData += [PSCustomObject]@{
        FileName   = $file.FieldValues["FileLeafRef"]
        URL        = $file.FieldValues["FileRef"]
        # SharedWithUsers is a multi-user field; flatten it to e-mail addresses so the CSV is readable
        SharedWith = ($file.FieldValues["SharedWithUsers"] | ForEach-Object { $_.Email }) -join "; "
    }
}

$sharedData | Export-Csv -Path $externalSharingReport -NoTypeInformation
Write-Host "GDPR External Sharing Report saved to $externalSharingReport"

✔ Lists files shared with named users, with the recipients' addresses, so externally shared items can be picked out and reviewed.
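The script above reports every share with a named user. As an added example (not part of the original post), the function below narrows that to documents shared with guest accounts, which is the case GDPR reviewers usually care about. It assumes an existing Connect-PnPOnline session to the site under review; the library name and the output path are assumptions you can change.

```powershell
# Added example, not from the original post: flag documents shared with guest accounts only.
# Assumes Connect-PnPOnline has already been run against the site being reviewed.
function Get-GuestSharedDocuments {
    param([string]$LibraryName = "Documents")

    # Guest accounts appear in the site's user information list with "#ext#" (Entra B2B guests)
    # or "urn:spo:guest#" (share-by-email guests) in their login name.
    $guestIds = @(Get-PnPUser |
        Where-Object { $_.LoginName -match '#ext#|urn:spo:guest' } |
        ForEach-Object { $_.Id })
    if ($guestIds.Count -eq 0) { return @() }

    Get-PnPListItem -List $LibraryName -PageSize 500 | ForEach-Object {
        $sharedWith = $_.FieldValues["SharedWithUsers"]
        if ($null -eq $sharedWith) { return }   # not shared with specific people

        # SharedWithUsers holds FieldUserValue entries; LookupId is the site user Id.
        $guestHits = @($sharedWith | Where-Object { $guestIds -contains $_.LookupId })
        if ($guestHits.Count -gt 0) {
            [PSCustomObject]@{
                FileName = $_.FieldValues["FileLeafRef"]
                URL      = $_.FieldValues["FileRef"]
                Guests   = ($guestHits | ForEach-Object { $_.Email }) -join "; "
            }
        }
    }
}

# Assumed output path
$guestReport = "C:\Reports\GDPR_Guest_Sharing.csv"
Get-GuestSharedDocuments | Export-Csv -Path $guestReport -NoTypeInformation
Write-Host "GDPR Guest Sharing Report saved to $guestReport"
```

Anonymous "Anyone" links grant access without creating a user entry, so they never show up in SharedWithUsers; review those links separately rather than relying on this field alone.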


Step 5: Automate Monthly GDPR Compliance Reports

To automate reporting, schedule the GDPR compliance script using Task Scheduler:

  1. Save the script as GDPR_Report.ps1.
  2. Open Task Scheduler → Create Basic Task.
  3. Set Trigger → Monthly.
  4. Set Action → Start a Program.
  5. Browse to powershell.exe and add the arguments: -ExecutionPolicy Bypass -File "C:\Scripts\GDPR_Report.ps1"

✔ Ensures automatic GDPR compliance reporting. Note that a scheduled task has no signed-in user to answer the -Interactive prompt used in the earlier steps, so the scheduled script must sign in non-interactively, for example with certificate-based app-only authentication (Connect-PnPOnline with -ClientId, -Tenant and -CertificatePath).
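The steps above assume a GDPR_Report.ps1 that can run with nobody logged on. The script below is an added example, not the post's own code, of such a file: it signs in with a certificate instead of -Interactive, runs the keyword inventory tenant-wide in one pass, and can register its own monthly task. The client id, tenant name, certificate file (assumed to be an unprotected .pfx readable by the task account; otherwise add -CertificatePassword) and report folder are placeholders to replace, and the app registration is assumed to hold the SharePoint Sites.Read.All (or Sites.FullControl.All) application permission.

```powershell
# Added example, not from the original post: an unattended GDPR_Report.ps1.
# Placeholders: ClientId, Tenant, CertificatePath and ReportRoot.
param(
    [switch]$RegisterTask,
    [string]$ReportRoot      = "C:\Reports",
    [string]$ClientId        = "<app-registration-client-id>",
    [string]$Tenant          = "yourtenant.onmicrosoft.com",
    [string]$CertificatePath = "C:\Scripts\gdpr-report.pfx"
)
$ErrorActionPreference = "Stop"

if ($RegisterTask) {
    # One-off, run elevated: the same thing as the Task Scheduler clicks, but repeatable.
    # New-ScheduledTaskTrigger has no monthly option, so schtasks.exe is used instead.
    # The script path is passed unquoted, so keep it free of spaces (C:\Scripts\GDPR_Report.ps1).
    schtasks.exe /Create /F /TN "GDPR Compliance Report" /SC MONTHLY /D 1 /ST 06:00 /RU SYSTEM `
        /TR "powershell.exe -NoProfile -ExecutionPolicy Bypass -File $PSCommandPath"
    return
}

New-Item -ItemType Directory -Path $ReportRoot -Force | Out-Null
$stamp = Get-Date -Format "yyyy-MM"

# Certificate-based app-only sign-in: no browser prompt, so it works under Task Scheduler.
Connect-PnPOnline -Url "https://yourtenant-admin.sharepoint.com" -ClientId $ClientId `
    -Tenant $Tenant -CertificatePath $CertificatePath
try {
    $keywords = @("SSN", "Credit Card", "Passport", "Address", "Phone", "Email")
    $report = foreach ($keyword in $keywords) {
        # The search index is tenant-wide, so one query from the admin connection covers every
        # site; -All pages through the result set and -RelevantResults yields one object per hit.
        # The keyword is quoted so multi-word entries such as "Credit Card" match as a phrase.
        Submit-PnPSearchQuery -Query "`"$keyword`"" -All -TrimDuplicates -RelevantResults |
            Select-Object @{ n = "FileName"; e = { $_.Title } },
                          @{ n = "Path"; e = { $_.Path } },
                          @{ n = "MatchedKeyword"; e = { $keyword } }
    }
    $outFile = Join-Path $ReportRoot "GDPRDataLocations-$stamp.csv"
    $report | Export-Csv -Path $outFile -NoTypeInformation
    Write-Host "GDPR Data Report saved to $outFile"
}
finally {
    Disconnect-PnPOnline
}
```

Run it once as `powershell.exe -File C:\Scripts\GDPR_Report.ps1 -RegisterTask` from an elevated prompt to create the task; every later run by Task Scheduler produces a month-stamped CSV in the report folder. Because the task runs as SYSTEM, the certificate file must be readable by that account and protected from other users.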


Step 6: Notify Compliance Teams

To automatically email the report to compliance officers:

$reportPath = "C:\Reports\GDPRComplianceReport.csv"   # point this at the CSV produced by the steps above
$to = "compliance@yourcompany.com"
$from = "noreply@yourcompany.com"
$smtpServer = "smtp.yourdomain.com"

# Send-MailMessage is marked obsolete in PowerShell 7 because it cannot guarantee a secure SMTP
# connection; if your relay requires TLS and authentication, add -UseSsl -Port 587 -Credential.
Send-MailMessage -To $to -From $from -Subject "Monthly GDPR Compliance Report" -Body "Please find the attached GDPR compliance report." -Attachments $reportPath -SmtpServer $smtpServer

Notifies the compliance team with the latest report.
