For a project I got some questions from the GDPR officer. As a result of media pressure there urgently needed to be a public registration tool that included a workflow. We ended up with an external anonymous Nintex form where personal customer details are submitted to a SharePoint environment.
The questions I have concern governance/GDPR/privacy:
1) When the form is submitted and the submitter gets the message that the form was submitted successfully. Is the data stored on Nintex servers (or O365)? Is this only till Nintex is able to push the data to the SharePoint environment? Is this deleted afterwards? Or just how long does Nintex have this data?
2) If a form is submitted and the SharePoint environment is temporary unavailable due to maintenance. What happens? Is the form submitted successfully and will Nintex keep trying to reach the SharePoint environment till it succeeds? Or does submitting simply fail at that moment (we could make a remark on the failed message concerning maintenance)?