GDPR-any recent update on GDPR?

vijktc · 15 May 2018 08:51

Do we have any Changes to handle GDPR in Octopus-w.r.to User names saved?

Alex.Rolley · 16 May 2018 01:31

Hi,

Thanks for getting in touch!

We have outlined all the work that we have done for GDPR compliance here. As data for your Octopus installation is all self hosted and generally only contains information on internal staff our GDPR compliance is pretty straightforward.

Please review the linked document and let me know if you have any questions,

Regards,
Alex

vijktc · 16 May 2018 11:41

Hi Alex,

Thanks, But my query is do we have any API to remove the Users from Octopus who left the Company and we don’t want to hold their info.

nick · 17 May 2018 00:23

Hello,

There is an API to remove users, this will delete their User Account, which include their full name, email address, and any data related to 3rd party Single Sign On (SSO) services.

What will not be deleted is audit history data, including the creation of that user with that same PII data. That data will mean the identifiable data on the Data Subject is still present.

You may need to hold onto that data to meet requirements for other laws. We don’t have a fully built in feature in Octopus to completely cleanup as modifying audit logs is risky and has impacts for customers in complying with other laws.

If you have historical backups of your Octopus database it will also still continue to retain data on that deleted Data Subject.

We can offer guidance for you to scrub audit logs and backups but it has associated risks and complexities. Have the discussion within your organization first, the legal implications of scrubbing audit history. You may only want to consider deletion of Data Subject data only if that Data Subject directly requests it.

Regards,
Nick

vijktc · 17 May 2018 05:38

Thanks Nick. As first step we will do only the User Removal, please share info about the API.

Regards,
Vijaya Paramasivam

nick · 17 May 2018 06:05

Hello Vijaya,

Sure thing, send a DELETE to the API at this route api/users/{userid}.

You can browse the Octopus API if you append /swaggerui to your Octopus URL.
e.g. https://demo.octopusdeploy.com/swaggerui/

Here’s the delete action on users on our public demo site: https://demo.octopusdeploy.com/swaggerui/index.html#/Users/DeleteOnBackgroundResponseDescriptor_Users_User_UserResource_

Regards,
Nick

vijktc · 28 May 2018 05:55

Nick,

Thanks for your Support. I am fine to Close this Conversation.