[timblair]

An employee's use of a company-provided communication channel like Slack isn't covered by GDPR, but the company is liable for the content that's stored in their Slack account. Under GDPR, I, as a customer of Company X, have a right to know about and request a copy of any data stored about me by that company, which includes Slack conversations, in both open and "private" channels. GDPR also applies retroactively, so the old compliance export process wouldn't cover it.