Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I think it will bring them under more scrutiny and rightfully so. But this sounds like a misunderstanding, both of the GDPR and user sentiment, enforced without discussion from the top. They responded quickly, humbly, and transparently in reversing the decision. I'm not sure about long-term erosion of trust, although this may harm subscription levels or contract negotiation in the medium term


An employee comment in the relevant merge request indicates that they are already knowing non-compliant with the GDPR. While I applaud their openness I wonder if this will comeback to bite them.


Do you have a link (or screenshot) of that comment?


"This is because we suspect that we are not currently in compliance but cannot expressly call out the gaps until the DPIAs are complete. (Actually, by not having the DPIAs, we are, on our face, out of compliance with GDPR regulations.)"

https://gitlab.com/gitlab-org/gitlab/merge_requests/14182#no...

The author, @cciresi is Candice Ciresi, their Director of Global Risk and Compliance.

https://i.imgur.com/52DUErO.png




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: