GDPR is a legal framework, so:
Full GDPR text
- Keboola “KBC” is “just” a technology - same as your harddrive => the client is controlling what is going on, we have no access to the data until we are invited into a project (Keboola operates KBC without access to data)
- KBC implements some principles which are handy for GDPR: data takeout, regionality (everything sits in EU if you have KBC EU project), transparency (data format, configurations, source code…), auditability…
- [rights for data] you can get copy of end-user data and provide it to them (in separate KBC project) in readable and non-proprietary form
- [rights to be forgotten] - you can clean data based on some list and stop working with specific records
So, our position is very clear: we’re modifying legal documents and we’re clearing some tech features (not related to security).