I'm a network admin at work, and in some circumstances peoples names as used as identifiers for rules, maybe for DHCP, or firewall rules to explain why a rule exists.
'Bob McBobberson needs access to X,Y,Z'
Everything I've seen on GPDR says that Bob may have the right to request to have information about him deleted, however a rule such as this isn't information about Bob, it's information for allowing Bob to do his job. Would this be included in the kind of information that we would have to provide to Bob if he wanted to 'export' his data under the description that GPDR gives?
If so, is any exclusion made for when said data could actually cause a security issue for the exporter? Can parts be censored or left out, as required, to make sure it doesn't fall foul of revealing information about the company which should be kept secret?
What if Bob demanded to export his 'secret' key, which is used to encrypt sensitive business data, because his key is named after him? bob.key ?
