EU Data protection laws and Coda

Hi everyone,
I work for a company based in Poland in EU and we came across the wall regarding EU and local laws in connection with Coda.
Our local law regarding data security and protection of personal data requires us to delete/anonymise all of user’s/client’s data on their request after we end cooperation.
Unfortunatelly with unlimited doc’s history version this is not possible - even if we delete client’s personal data, we can still have access to it via history version.

We tried solving it by keeping the personal data in google sheets and then connecting it to Coda via Coda Pack, but in history version the data remains in Coda even if we deleted it in orignial google sheet (that is unless we synchronise the data with the orgininal table)

Another solutuion we were considering was creating a copy of a doc and deleting orignial with it’s history version, which works but creates another problem - all connections (cross-doc) are deleted as well and with the environment we created it means a lot of additional work with connecting everything again and denial of service for users during that operations

I wanted to ask for help, maybe someone who is working from EU found some brilliant solution / workaround to that problem.

1 Like

hi @Wiktor_Strzezek , is this GDPR or a specific Polish law?
cheers, christiaan

I’m not a layer so don’t quote me on that, but as far as I know it’s polish equivalent of GDPR called RODO which aim is to protect personal data.

hi @Wiktor_Strzezek , it seems quite a reach for GDPR and also unpractical, are you sure this is required once you remove all personal data (like bank accounts, birthdates etc) from your organisation?

However if you have to delete all user info, then the set up as of the beginning should be different and in such a way you can rename the user to something vague. The user will remain visible in your docs, but that user cannot be related to somebody else. This is possible when you use company email to login and thus you can rename the email of the person.

We all know that we cannot rename Gmail and other personal email addresses as a former employer, cheers, Christiaan

Thanks for reply @Christiaan_Huizer,
Unfortunately I am sure this is required to delete all of the personal data on client’s request and we cannot have access to that data later after we end cooperation.
The problem with setting up our Docs with users’ name/suername to something vague is that it won’t be very readable for us.
For example we have HR Doc with list of our employees and their data, if we were to switch their names and surnames with some nicknames it would not be as usefull.

We need to be able to relate data with a person as long as we work together, but then we need to be able to lose all access to that data and doc history version disables us to do that

I see your point, the moment the employee leaves, do you have the option to alter the normal name into a nick name by changing the email? I am afraid not, so then my suggestions are of no help.

GDPR is hard to deal with in this context. Sorry that I cannot help you further.