People Compliance at GitLab

People Compliance Mission

People Compliance works collaboratively with multiple functional teams throughout the GitLab organization. We partner to manage and protect the privacy of our People’s (team members) personal information, all relevant documents through data retention policies, and understanding all global compliance requirements to help meet internal and stakeholder expectations. Our primary partners are the entire People Group, Legal team, and Business Operations team.

Contact the Compliance Team

• Email
  • people-compliance@gitlab.com
• Tag us in GitLab
  • @gl-peoplecompliance
• Slack
  • The #people-connect Slack channel is the best place for questions relating to our team.

Defining People Compliance

People compliance (or HR compliance in other organizations) is a process of defining policies and procedures to ensure our employment and work practices demonstrate a thorough understanding of applicable laws and regulations, while also being aware of GitLab’s larger People Group objectives. These practices include our sourcing, screening, interviewing, hiring, onboarding, and offboarding stages. It also includes safeguarding confidential team member people data while employed.

We at GitLab face increasing people complexities as the number of employment laws and regulations are consistently on the rise, and the risk of penalties for non-compliance has perhaps never been greater. When developing people policies and procedures, GitLab has to remember, for example, that:

• GitLab must follow all employment laws, including applicable global regulations and all US federal, state, and local regulations.
• GitLab may be subject to an audit from an enforcing agency that may levy heavy fines and penalties for non-compliance.
• Not knowing or understanding your compliance obligations is not an acceptable legal defense.

Understanding GitLab’s strategic priorities lays the foundation for a better understanding of how compliance concerns may impact decisions. People Group goals should be designed to support company strategy, yet they must also consider different scenarios and the people compliance implications. People compliance practices will refine and influence activities such as hiring, employee development, and retention.

People Compliance Core Competencies & Responsibilities

All Responsibilities are listed in the People Compliance job family page, and they can be summarized as follows:

1. To identify needs and propose strategies to collaborate and support the enablement of compliant protocols.
2. Implement compliance initiatives and templates that can be utilised for initiatives.
3. Support team members, managers and teams to ensure they are aligned with our policies.
4. Iterate to simplify and ensure People Compliance processes are efficient and automated as much as possible.

How we work

Our People Compliance Issue Board serves as the internal board capturing non-confidential People Compliance issues. If you have a request for the People Compliance team, please open a Compliance Request issue and we will review and prioritize.

Labels

Please see the README.md in the People Compliance project listing our current status and communication labels. The main workflow stages are as follows:

Stages

• workflow::triage: New issue and no triaging has been done on the issue.
• workflow::research: Issue currently being scoped/considered but are not being actively worked on yet.
• workflow::in progress: We are working on this now, towards our due date.
• workflow::blocked: We worked on the issue and waiting for a response or another issue or MR to unblock us.
• workflow::backlog: Adding to the backlog of work todo and add a due date.
• workflow::done

Relevant Handbook Pages

• Privacy and Privacy Laws and GitLab - More information on GitLab’s privacy practices.
• Employee Privacy Policy - GitLab’s policy for how we handle the personal information of our team members.
• Records Retention Policy - GitLab’s policy on the implementation of procedures, best practices, and tools to promote consistent life cycle management of GitLab records.
• Data Classification Policy - GitLab’s Security Compliance policies related to data retention and disposal.
• Data Protection Impact Assessment (DPIA) Policy - GitLab’s policies related to Data Protection.
• GitLab Audit Committee - Information regarding GitLab’s Audit Committee of the Board of Directors of GitLab Inc.
• Total Rewards Audits - Information on some of our People Group audits.

Performance Indicators

Annual Mandated HR Reporting

This PI encompasses the 100% completion of all mandated, annual HR reports to all relevant Offices and Departments, most commonly being related to United States HR-related reports.

• People Compliance Reporting

View page source - Edit this page - please contribute.