Personal Data Removal Requests

General guide to resolve personal data removal requests


Personal Data (also known as personally identifiable information is any data, individually or when combined with other data, that identifies, relates to, describes or is reasonably capable of being associated with or linked to an identifiable natural person, whether directly or indirectly. Personal Data can be sensitive or non-sensitive. Non-sensitive Personal Data is information such as a public avatar, name, email addresses, company/organization name, job title, country, social media handles and biographic information as well as public user profile information. Sensitive Personal Data is information which, when disclosed, could result in harm to the individual whose privacy has been breached, such as government identification numbers, genetic data, health information, religious affiliation, political affiliation, or photos. Although GitLab does not request or intentionally collect any Sensitive Personal Data, if a user stores such data in a publicly accessible reposity, the data can be publicly accessible via a While this list is not exhaustive, these are examples of the different types of Personal Data which could be made available intentionally or non-intentionally.

Note that a Personal Data removal request is intended for the removal of personal data that can or is being used to identify or link to a specific individual for potentially malicious intent. This type of removal request is not to be used to exercise an individual’s right to deletion under any global data privacy laws.

Keywords: Personal Data, Name, Social Security Number, Date and Place of birth, Mother’s Maiden Name, Biometric Record, Résumé, Education Information etc.

Personal Data removal requests can be sent to


  1. Vet the request.
  2. Verify that the reported links to the content is present in the request?
  3. Is the content still live?
  4. If the content is no longer available. Notify the requester and close the request. (cc
  5. If the content is still live, forward the request to Abuse for further review.
  6. The Abuse Team will comment on the ticket advising on the next steps or steps taken.

It is important for the Abuse team to review the request before forwarding it to the reported account. The Abuse Team will create a new ticket and forward the initial notice, including the reference ticket in Internal Notes. Abuse Team will take over from here.