GDPR-any recent update on GDPR?

security

(vijktc) #1

Do we have any Changes to handle GDPR in Octopus-w.r.to User names saved?


#3

Hi,

Thanks for getting in touch!

We have outlined all the work that we have done for GDPR compliance here. As data for your Octopus installation is all self hosted and generally only contains information on internal staff our GDPR compliance is pretty straightforward.

Please review the linked document and let me know if you have any questions,

Regards,
Alex


(vijktc) #4

Hi Alex,

Thanks, But my query is do we have any API to remove the Users from Octopus who left the Company and we don’t want to hold their info.


(Nick Josevski) #5

Hello,

There is an API to remove users, this will delete their User Account, which include their full name, email address, and any data related to 3rd party Single Sign On (SSO) services.

What will not be deleted is audit history data, including the creation of that user with that same PII data. That data will mean the identifiable data on the Data Subject is still present.

You may need to hold onto that data to meet requirements for other laws. We don’t have a fully built in feature in Octopus to completely cleanup as modifying audit logs is risky and has impacts for customers in complying with other laws.

If you have historical backups of your Octopus database it will also still continue to retain data on that deleted Data Subject.

We can offer guidance for you to scrub audit logs and backups but it has associated risks and complexities. Have the discussion within your organization first, the legal implications of scrubbing audit history. You may only want to consider deletion of Data Subject data only if that Data Subject directly requests it.

Regards,
Nick


(vijktc) #6

Thanks Nick. As first step we will do only the User Removal, please share info about the API.

Regards,
Vijaya Paramasivam


(Nick Josevski) #7

Hello Vijaya,

Sure thing, send a DELETE to the API at this route api/users/{userid}.

You can browse the Octopus API if you append /swaggerui to your Octopus URL.
e.g. https://demo.octopusdeploy.com/swaggerui/

Here’s the delete action on users on our public demo site: https://demo.octopusdeploy.com/swaggerui/index.html#/Users/DeleteOnBackgroundResponseDescriptor_Users_User_UserResource_

Regards,
Nick