Breaking the law data protection

Now we are taking a high risk using Wrike. We are developing Business Development for different Clients. Every Client has a folder. It's very easy to make a mistake with the mouse. You can move a folder into another one. It's very simple. At that moment we are violating the law on data protection. Can we understand why we can't customise the permission for every user (general, external or collaborator) on every act? If you cannot move, erase, change, whatever, I can manage the risk. Otherwise Wrike is not the tool that will allow us to scale as a company (that means manage more Clients with more team involved).

When a task is moved into another, it automatically inherits the persons that are sharing it. Wrike has full traceability and writes the action in the comments field. It's very simple to lose a Client by making an easy mistake.

If every user from the company can move folders, can you imagine what can be done by an annoyed Business Developer?

Stephanie Westbrook

Hi Joan, thanks for reaching out, security is really important so I want to make sure we talk about the different options we have. We don't have the ability to modify every action but we do have user restrictions available:

  • You mentioned the user roles (Regular, External, Collaborator), but we also have Folder and Project Permissions which let you limit a user's rights on a particular set of Folders/Projects. Giving someone Editor rights limits their ability to share but still lets them edit individual task details. 
  • Another feature that I think might be useful is the option to turn off inherited sharing. When you turn off inherited sharing, a Subfolder/Subproject no longer has to be shared with all the same people that have access to the parent Folder/Project.

I know that's not the exact functionality you're looking for (and we'll pass along your feedback to our Product Managers), but would either of those options help? 


Many thanks for your comments Stephanie.

Regarding "Folder and Project Permissions", as you know, any Regular and External User can move a folder to another folder easily. At that time this folder inherits the persons that are sharing the folder that the user has introduced it into. With a simple mouse movement we can break the Law Data Protection. We are really concerned about that! We cannot scale the company with this big issue.

Even if we activate the "turn off inherited sharing" option, in a medium-size company team we cannot make sure that at any point in time a Project Manager will make this big mistake and doesn't tell us, or doesn't realise it, with the folder staying inside another. Or more simply, if a Project Manager intends to harm our company, he can move all the folders.

Why can we not define the permissions of the users at the maximum level of detail? Why can we not have a permissions checklist? With this tool we can offer more security in different fields, for example the permission that all users have to download information of the projects.

Meanwhile you can proceed to activate the verification process when a folder is about to be moved. Do you have this process defined and useful when a Regular user wants to share a task or folder with a given external user? Why can you not apply the same tool in order to avoid the wrong movement of given folders?

We would please ask you to act as soon as you can to solve this big and dangerous issue!!

Thank you.


How to Set Up GTD Using Wrike suggests setting up folders as a means of tagging tasks with contexts (e.g. "low energy", "high energy", "home", "office").

In order to leverage this at the team level those folders would need to be shared with everyone.  Am I mistaken, or would that not ultimately result in everything being shared with everyone?

With regard to turning off inherited sharing, it says that's an Enterprise plan-only feature.  I'd say preventing accidental or intentional sharing of sensitive tasks is far from an enterprise-only concern.

Stephanie Westbrook

@Joan I apologize for the delayed reply. Thank you for the details. We've tested turning off inherited sharing in different scenarios and it seems to work and address the concerns you mention, but we would love to try it with you to see if/how it could work with your team. I was wondering if you would be available to do a screensharing session? I think looking at your Folder structure could go a long way in this case.

@Ian You definitely can use Wrike for the GTD methodology, the idea is that you share Folders with only the people who need access. For example, you could have a set of Folders that is shared with everyone and then a separate set that has more confidential or private information that is shared with only select people. In terms of turning off inherited sharing,  you're right that it's an Enterprise feature. The thought process is that not all companies need deeper security controls but for those that do, we have the Enterprise plan. 


Dear Stephanie, our main concerns are:

  1. Security Data protection: many thanks for your advice, we really appreciate it. This function works well if you want to avoid sharing folders with the wrong person. But we are working with a tree of 4 levels of folders, and in most cases the last level has a lot of Partner's folders. If we have to inherit every one, we should invest a lot of time, and we should take care to be sure that every time a new member from the Client side joins Wrike, we have to add them in all those Partner's folders. We give our team the External user profile. When we want to include any one of them in a new folder, Wrike asks us if we agree with that, because they are External users. Why can we not receive the same message from Wrike when any person decides to move a folder and place it into another one? In this case we can avoid the mistakes and the high risk of breaking the data protection.
  2. The security of the data. We are offering permissions to the Collaborator profile. Our Clients have this kind of profile, and when one of them unconsciously moves a workflow's status and completes a task, or erases the tag of the task and disengages it from his folder, we have to try to convince him that the data is secure. We're using Wrike to develop projects because we realise that in Business Development there is a big concern with the visibility of the development process on the Client side. If we introduce our Client into Wrike as a Collaborator, he can see the process in real time. So we have solved a Client pain, but with the kind of issues that I explained, we are creating new pains. We can solve those new pains by defining a setup of permissions offered to all profiles (User, External User and Collaborator). With a checklist of permissions we should be able to offer every permission depending on the person (Client or worker) at the moment of inviting them to join Wrike (for example). As an example: any External User or normal User can download information of the project without our permission (Administrators). This is a big threat for us, and we can solve it by defining the checklist of permissions, offering this possibility to responsible persons, not to the whole team.

Looking forward to hearing from you soon. Many thanks.

Stephanie Westbrook

Hi Joan, understanding your Folder structure and its different levels helps a lot, thank you. I will share this feedback with our Product Managers.

I have another option I want to suggest - but I want you to know that I'm not trying to detract from your post (we're going to share your feedback) and I know that what I'm suggesting is not exactly what you need. In terms of your second point, I'm wondering if sharing Reports with people would be helpful? You can share a Report Snapshot with anyone and if you're sharing with someone who isn't a Wrike user, they won't be able to make any changes. This would only work if the information you need to share is visible on Reports and if people only need to see what's visible on the Report. 

 

