Do you think it's possible that any potential liability could already have been exposed when the issue itself ( https://gitlab.com/gitlab-com/www-gitlab-com/issues/5555 ) was opened, prior to compliance becoming aware of it? It contains the statement:
"In e-group on Monday October 15, 2019 we took the decision to enable a "job family country-of-residence block" for team members who have access to customer data. This is at the expressed concern of several enterprise customers, and also what is becoming a common practice in our industry in the current geopolitical climate."
It could be that better legal scrutiny during contract negotiation might have prevented this becoming an engineering, hiring and compliance concern.
"In e-group on Monday October 15, 2019 we took the decision to enable a "job family country-of-residence block" for team members who have access to customer data. This is at the expressed concern of several enterprise customers, and also what is becoming a common practice in our industry in the current geopolitical climate."
It could be that better legal scrutiny during contract negotiation might have prevented this becoming an engineering, hiring and compliance concern.