The Personal Data Access and Account Deletion Request Standard defines scope, data deletion categories and provides an overview of GitLab's personal data access and account deletion workflow.
This data deletion process applies to data access requests by both personal or corporate GitLab.com SaaS subscription holders or account deletion requested by both personal or corporate GitLab.com SaaS customers. Account deletion for corporate subscription holders requires validation and approval by the paid namespace account holder with a current GitLab subscription contract.
| Role | Responsibility |
|---|---|
| Support Team | Maintaining this deletion process handbook page and related deletion request project and issue templates |
| Support Team | Responsible for approving significant changes to this standard |
| Support Team | Responsible for approving exceptions to this standard |
| GitLab system owners | Processing user deletion for each system as required by the data deletion issue created through this process |
Use the appropriate workflow on this page when a user requests one of the following (under GDPR Article 15, CCPA) through a Zendesk ticket or via form submission to our Account Deletion and Other Requests project. These requests must be filled within 30 days.
Account deletion and data access requests go through a few stages before they can be closed, and it can be difficult to keep track of what stage in the process each request is in at any given time. Consider creating an issue board within the account deletion project and use the Awaiting::Challenge Answers, Awaiting::Deletion, and meta-issue labels to track the progress of each request. See this board for an example.
Users requesting deletion are required to confirm their intent to delete at the time of submission. After submission, the form entries are automatically checked and validated (such as the username, email address, and if the account is part of a paid namespace).
If the user account is a free account or personal subscription add the account-deletion::personal label to the issue created in the account deletion and other requests project. If the user account is tied to a paid namespace with a signed contract in Salesforce (a corporate request) add the account-deletion::corporate label to the issue created in the Account deletion and other requests project.
An issue in our Account Deletion and Other Requests project will be created for invalid requests, however all invalid requests will have Invalid request received in the title of the issue, and are scheduled to automatically close. No action is required for these issues.
Examples of personal requests that you may receive (based on the request type) are below.
NOTE: As there is a known bug with Group Managed Accounts, see the Group Managed Accounts section for the process.
When a request is received through Zendesk as a ticket, do the following:
For account deletions, apply the Support::SaaS::Account Deletion Instructions - GitLab.com macro, and mark the ticket as solved.
For data access requests, apply the General::Personal Data Access Request Instructions macro, and mark the ticket as solved.
This will direct the user to the Personal Data Request form, in order to have their request processed. The request will then be serviced when received in the Personal Account Requests Service Desk.
The only requests we need to take action on are:
When a user submits a personal request using the Personal Data Request form, an issue is automatically created in the Personal Account Requests Service Desk, meaning comments made on it will be emailed to the submitter.
Upon submission, the submitter will receive an autoresponder depending on the request and outcome of the initial validation. The autoresponse they receive will be in the initial description of the issue, along with a copy of the form entries that were submitted.
NOTE: Users have a total of 14 days to respond to the challenge questions. In order to keep track of the requests that are pending a response to the challenge questions, you can apply the
Awaiting::Challenge Answerslabel, if it does not already exist.
The user will automatically receive a set of Verification Challenges after form submission, as long as the following form entries have been validated:
If the user replies back with their answers to the challenges, perform the following steps:
RED, as all user data is classified as red.If the user does not reply back with their answers to the challenges, do the following:
If verification fails or is otherwise not possible, apply the Account Verification Failed label and respond with the following:
Greetings,
Unfortunately, the answers to our verification challenges have failed. As a result, we are unable to process your account deletion request. This issue will be closed.
Regards,
In certain circumstances we will need to close a users request without processing it. Outside of ownership verification failure this should only be done in the following scenarios.
If a request is received because the requestor submitted it directly to the Personal Account Requests Service Desk email address rather than using the form, close the issue and inform the requestor with the following snippet to open a new request through the form so that we can assist them.
Greetings,
It looks like you've emailed this request in to us directly. In order for us to best assist you please re-submit this request via our [Personal Data Request Form](https://support.gitlab.io/account-deletion/). Doing so will allow us to process your request more quickly and efficiently. This request will now be closed, and we're eagerly awaiting your resubmission. Thank you!
Regards,
If a user fails to respond to our verification challenge questions after 14 days, apply the Account Verification Failed to the issue and close it with the following snippet:
Greetings,
We have not heard back from you with responses to our verification challenge questions, which are required in order to verify your identity before we process your request. We will now close this request. If you still wish to proceed please feel free to submit a new request via our [Personal Data Request Form](https://support.gitlab.io/account-deletion/).
Regards,
NOTE: Please be aware of the type of deletion request submitted by the user. Some users may only want their CustomersDot account or their GitLab.Com account deleted, versus a full deletion (right to be forgotten). It's important to make that clear when working through the confidential issue to process the users request.
gdpr-request issue tracker, create a new confidential issue using the delete_meta_issue template for account deletions, or the personal_data_request template for data access requests. Populate the title with the email address of the original requestor.Link the original issue in the Related issue field.
Support Engineer: in order.An overview of this process is outlined in the chart below.
If a group is using group managed accounts, user accounts may be orphaned until gitlab#209081 is fixed. You can use ChatOps to check whether a group has the relevant feature flags enabled.
When checking the user account in admin, the user will be badged as a "Group Managed Account". Double check that the user is no longer a member of any group.
In these cases, we can delete the account so that a new user account can be created.
Use the Support::SaaS::Group Managed Account Deletion macro, which outlines the criteria and deletion.
Exceptions to this procedure will be tracked as per the Information Security Policy Exception Management Process.