GDPR requires organizations to know what personal data they hold and control how it's shared. But most companies forget about the personal data hiding inside their documents.
What GDPR says about document metadata
Under GDPR, personal data includes any information that can identify an individual — directly or indirectly. Document metadata often contains:
- Full names of document authors
- Email addresses embedded in document properties
- Computer usernames and network paths
- GPS coordinates from embedded images
All of this qualifies as personal data under GDPR.
The risk
Every time you share a document externally, you might be sharing personal data without consent. A law firm sending discovery documents, a hospital sharing patient records, a company distributing internal reports — metadata travels with the file.
The solution: audit and sanitize
DocInspector was built with this exact problem in mind. The Audit module scans entire folder structures, identifies all metadata across hundreds of documents, and generates a comprehensive report. You can then batch-sanitize everything — removing personal data while keeping the document content intact.
Best of all, since DocInspector processes everything locally on your machine, the audit itself doesn't create additional data processing risks. No cloud uploads, no third-party access to your documents.