892 votesPontus commented
Anyone that is concerned with this requirement, should also be concerned with the fact that any type of user can see the whole O365 directory, including all contact details and the organisational structure. It is now possible to remove specific users from the crawl, but that does not mean that all other users are willing to share their details with various external users that are invited to SharePoint for example.
Also, as @Liz already commented, GDPR requires a good reasons for every business scenario where personal details are shared. I doubt that letting everyone, including company external users, to search delve, is well aligned with expectations from GDPR.
Please vote the below suggestion up here so that only specified users or groups are allowed to search delve, like using the profile cards in SharePoint etc
407 votesPontus commented
This has now become a absolute vital need for all organisations dealing with GDPR! We are trying to host site collections that includes external users. Through delve they search and find every single user in the whole Office 365 directory, getting the organisational structure and all the contact information of everyone up to CEO level.
How are we suppose to motivate that these users have access to all this data - both to our organisation and to the EU?
More granular controls for Delve is now a question of compliance with EU law.
4,641 votesworking on it · AdminBarbara Feldon (Office 365 Customer Experience, Microsoft Office 365) responded
Great news! This capability is included in in the recently updated Office 365 Roadmap entry: “Admin App Launcher Customization Tools” which can be found in the “In Development” section.
18 votesPontus shared this idea ·