undefined | Better HN

0 pointscurryst5y ago0 comments

I don't think GDPR differentiates between sensitive info you asked for, and sensitive info that somebody chooses to put in a field not meant for it.

It's both great because it prevents loopholes, and shitty because you have to consider GDPR for fields that definitely should never have any PII in them.

0 comments

1 comments · 1 top-level

hnlmorg5y ago

> I don't think GDPR differentiates between sensitive info you asked for, and sensitive info that somebody chooses to put in a field not meant for it.

I know GDPR doesn't, my point is if, as a business, GDPR is a requirement from your ticket tracking then you might need to rethink the data you, as a business, are putting on there. Something like this is not intended for tracking customer data. It's intended for assigning work and tracking throughput.

If you need to log customer data then you need a different type of issue tracking and something that project managers et al don't all have visibility of.

j / k navigate · click thread line to collapse