GDPR Overview and Guide to Deleting User Data
GDPR is the EU General Data Protection Regulation. This law, which went into effect May 25, 2018, governs how companies process the personal data of EU residents and establishes stronger protections for the ‘digital rights’ of an individual. This law applies to all companies that do business with and have customers in an EU country. GDPR also mandates that users must give explicit consent for you to use their personal information, and you must have a record of that consent. After gaining consent, you may only use personal information for the purposes that were specified when the consent was given.
How Our Company Approaches GDPR
Fill in this section with changes you've made.
Consider adding links to:
- Updated Privacy Policies
- New Terms of Service
- Any other documentation about how your company is handling GDPR regulations
Deleting User Data from Our Database (if applicable)
Assuming you have a database, give people guidance about how to delete all data pertaining to a specific user from it. If you want employees to follow a standard process (in GitHub, for example), specify what you want them to log and what details they should include.
How to Comprehensively Delete User Data from Other Places
Use this section to log any and all tools that tap into your database and/or leverage user data in any way. Ideally, link to the documentation from those companies about how to delete all user data. For example, here's the documentation from Amplitude on how to comprehensively delete user data. Solicit input from all teams on what tools they use, so that you've captured all of the contexts in which user data is used.