I’ve set up a Passbolt instance for my company, and I’ve been told that since Passbolt collects personal data, I should declare it to the authorities. Is it true ? If yes, how would one go about it ?
I’m really curious to know if anyone has ever done that for a passbolt instance ?
Of course it depends on your situation and this is not a legal advise, but normally you shouldn’t have to declare anything to authorities unless there was a breach.
it depends from where you are from and where it is hosted. The GDPR is broken down in multiple parts.
EU-GDPR and Country-GDPR (Example: D-GDPR stands for Germany-GDPR and that is broken down in L-GDPR for State-GDPR)
So, like I mentioned before it depends where you are from and how your GDPR is constructed. Normally your Data-Protection-Officer can help here. Usually, the Data processing part is covered by your Compliance and data Protection Agreement for Employees.
Like that I am sorry to inform it raises more questions than answer and like @remy mentioned too if legal advice is needed ask there.