This document provides an overview of what account deletion and data access requests are and who is responsible for processing the different aspects of each request. To learn how to process each type of request as a Support Engineer, refer to the workflows page.
Under numerous global and national data privacy laws, users can request to have their GitLab SaaS accounts, along with any other information that we have stored about them, deleted. They can also request to obtain more details about their data, including information about what data GitLab has stored about them.
Users requesting data deletion are required to confirm their intent to delete at the time of their request submission. For GitLab SaaS and full deletion requests only, form entries for username, email, and paid namespace memberships will be automatically validated. All other requests require manual review and validation (where applicable) until further improvements have been implemented.
This process applies to personal data requests submitted by both personal users or corporate GitLab SaaS subscription holders and customers. Account deletion requests for corporate subscription holders require validation and approval by the paid namespace account holder with a current GitLab subscription contract. As part of this approval process, the account holder of the paid namespace (owner) must remove the subscription holder (user account) from their paid namespace.
| Role | Responsibility |
|---|---|
| Support Team | Maintaining this deletion process handbook page and related deletion request project and issue templates |
| Support and Legal Team | Responsible for approving significant changes to this standard |
| Support and Legal Team | Responsible for approving exceptions to this standard |
| Support Global Readiness | Responsible for resourcing, namely that there are enough Support Engineers to complete requests in a timely manner |
| GitLab system owners | Processing user deletion for each system as required by the data deletion issue created through this process |
Every request will go through multiple stages, denoted by labels, before they're closed out as completed. Keeping track of which stage of the process each request assigned to you is at is essential to processing them efficiently. Use one of the following two methods to do this:
Create a new issue board in the Personal Account Requests Service Desk issue tracker that is scoped to only show issues that you are assigned to. Then, create new lists for each label used in the process. Reference this board for an example.
Use the already existing Issue Tracking Board and filter it so that only issues that are assigned to you are displayed by typing in Assignee = yourusername in the search field.
Exceptions to this procedure will be tracked as per the Information Security Policy Exception Management Process.
