WARNING! Gitlab maintenance operation scheduled for Thursday, 18 June between 19:00 and 20:00 (CET). During this time window, short service interruptions (less than 5 minutes) may occur. Thank you in advance for your understanding.
@@ -852,7 +852,7 @@ VPN provider shall not send PII outside of the endpoint at all.
The VPN provider shall not require PII for use of the product, including for payment.
* Reference: TR-NPII
* Reference: TR-DMIN
* Objective: Confidentiality
* Preparation: Follow the instructions to use the product and start a VPN connection, selecting the options that require the least PII, recording all data entered
* Activities: Examine the data entered looking for PII
@@ -866,7 +866,7 @@ The VPN provider shall not store any PII of the user on remote data processing s
Guidance: VPN providers may use remote systems to handle support tickets, e-mail and a knowledge base. The VPN provider shall not store any PII in remote data processing systems without abundantly clear and explicit permission from the user.
* Applicability: (optional, for requirements that depend on a feature)
* Reference: TR-NPII
* Reference: TR-DMIN
* Objective: Confidentiality
* Preparation: Gather internal written policy on what data may be stored, samples of all types of information stored by the provider that may contain PII, covering at least one instance of all types of activities conducted by the user
* Activities: Examine the written policy and samples of stored data and look for PII
