EU General Data Protection Regulation

GDPR-compliant project management infrastructure

Project management platforms store sensitive business data — roadmaps, sprint plans, team communications, and customer-linked issues. When that data includes personal information, your PM infrastructure is a GDPR data processor. We ensure yours is compliant.

What is the GDPR?

Project management platforms sit at the center of your engineering and product workflows. Every issue created, every comment posted, every assignee added may involve personal data. GDPR applies to every tool that stores or processes personal information — not just your CRM or HR system. That includes your project management platform.

In force since: 25 May 2018

Scope: Any org processing EU personal data

Max fine: €20M or 4% of global turnover

Breach reporting: 72 hours

Key GDPR obligations for project management platforms

Project management platforms are data processors — they store personal data about your team members, customers, and external collaborators. The following six GDPR articles define the obligations this creates.

1. Art. 5 — Principles of processing

Project management data should be collected for specified, explicit purposes. Issue comments, time logs, and user activity should be retained only as long as necessary. We support configurable data retention and the ability to anonymize historical records.

2. Art. 6 — Lawful basis

Storing employee and contractor data in a project management system requires a valid lawful basis — typically contract or legitimate interest. Your PM platform should appear in your Record of Processing Activities (Art. 30).

3. Art. 17 — Right to erasure

If a team member or contractor requests deletion, you must remove personal data from issues, comments, and activity logs. We support data export and deletion requests so you can fulfill Art. 17 obligations.

4. Art. 28 — Data processor

We act as your data processor for any personal data stored in managed project management instances. Our DPA covers Plane, OpenProject, and Leantime — and the infrastructure sub-processors involved.

5. Art. 32 — Security of processing

Project management platforms need strong access controls, encrypted storage, and isolated tenant environments. Our deployments enforce these controls — protecting personal data in your PM instance.

6. Art. 33 — Breach notification

If a breach affects personal data on our managed project management infrastructure, we notify you within 72 hours so you can meet your reporting obligation to your supervisory authority.

Art. 30 — project management as a documented processing activity

Under GDPR Art. 30, data controllers must maintain a Record of Processing Activities (RoPA). Your project management platform is likely one of them — it stores personal data about team members, contractors, and potentially customers linked to issues.

  • Document your PM platform in your RoPA: what personal data you store, for what purpose (team collaboration, project delivery), and under which lawful basis
  • Access controls: configure role-based access so that only those with a legitimate need can see personal data — not all issues or user profiles should be accessible to all team members
  • Retention: configure data retention for closed projects and deactivated user accounts — personal data in archived issues and activity logs should not be kept indefinitely

What we provide for GDPR compliance

  • Data Processing Agreement (DPA) on request
  • EU data residency — Nuremberg (primary) + Falkenstein (disaster recovery)
  • Audit logs retained and exportable
  • Data export on request (Art. 20 portability)
  • Data deletion on request (Art. 17 erasure)
  • 72-hour breach notification to you (Art. 33)
  • Encrypted backups stored within the EU
  • Sub-processor list available on request

Project management platform storing personal data?

Request our DPA for your managed project management infrastructure and discuss how to document your PM platform in your Record of Processing Activities.

Request a DPA