- User Since
- Jul 17 2021, 05:27 (19 w, 1 d)
Oct 29 2021
@golyalpha As my current employer is one of the largish companies (50,000+ international employees), but not primarily software focused, we have all been given GDPR awareness training but do not have a general, all employees, GDPR statement available nor a standard text or set of texts to use.
When I was deploying a Phabricator instance I actually had to come up with the wording myself and then get it approved by the legal & compliance team - my biggest hurdle was convincing them of the required data retention period - they were much more used to systems such as payroll & HR where records are only retained for a fixed number of years after the period of employment as demanded by things like the local tax regulations and the idea that due to legal liability, etc., we needed to retain the information for the full life of the product being developed and possibly beyond if components were reused.
Would it be worth considering having multiple versions available, with which one is displayed determined by locale & language selection (I18n & L10n)? Then places with specific legislation could display the boilerplate or customised version and places without could, potentially, mention it with a link rather than having a specific sign-off, and also linguistic problems could be addressed by the instance maintainer(s).
@Labricator Definitely - as contributors can potentially be from anywhere in the world, including places with GDPR or equivalent legislation. (Note that I am in Wales, UK so would be covered). I am reasonably sure, not a lawyer remember, the legislation is written in such a way that you can't get away with things like "the data is stored somewhere without GDPR so it doesn't apply", etc.
Oct 28 2021
The EU & UK GDPR provisions are very specific that each data gathering application must inform the user:
Oct 27 2021
Jul 17 2021
Checking the Wikipedia entry for GDPR at https://en.wikipedia.org/wiki/General_Data_Protection_Regulation it mentions that this regulation or other similar ones have been enacted in:
Of course, since Phorge itself is a public project with, potentially, UK/EU contributors, the signup/login page should really display such a warning.