by mbzi 2237 days ago
I like this, I see what they're doing and it looks promising. However, it lacks a data request/GDPR takedown section, which for me makes the project commercially useless.

Most teams/products always look at compliance as the last big rock to implement and it becomes a massive headache. If this project is focused on B2B learning it should have been tackled first (and not missing from the demo).

2 comments

Is it really such a big problem in B2B? Can't you be only the Processor, sign a DPA with your customers, and let them handle the biggest part of the headache?

Yes. I am a data processor, not a controller. If you store data tied to the user you still need a mechanism to retrieve / delete it. This is something I encountered. Even if it is in reality not an issue and by itself the data is meaningless. Perhaps I need better legal advice :)

It's a template, GDPR is EU-specific and not everyone in the world has to worry about that, it's just too specific a subject to consider in a generic template.

If an EU-based (or storing EU data) team needs to jump start from this, one can implement that section on top and not have to wait until the end as you say. The aim of the template is to give you a head start in the right direction.

I understand your point but I see this as a global B2B requirement. Most products I use and have built cover North America, Europe, Middle East and now Africa. Each country or region has its quirks. If you are GDPR compliant there is a good chance you cover most other regulation. Nevertheless it is an issue, especially - and rightly so - the fines are increasing and the regulation is becoming tighter. If it is not built in, the extendability of a product to do so does matter, and therefore the success of the template.