GDPR is not a one-and-done, now-you-have-the-badge, thing. We need to maintain the policy, and also ensure we’re all practising Privacy by Design in our work. For Foreman itself, this isn’t a huge deal (since it’s self-hosted, we don’t see the data anyway), but if you’re proposing (or directly making) changes to our infrastructure then you need to keep this in mind. Obviously if you spot something existing that we missed in v1, flag that too
If you have any doubts about a change, get in touch with me - I’m no lawyer, but I’ve been studying this for a while, and I try to keep up with the state of tech policy. Thanks!