We have to analyse all our systems as well. Most of them are going fine, but I have a problem with a few. We not only have to take care of customer data, but also for employee data. This is personal data, too. And with GDPR we have to define how long we keep the data and there must be a process to delete the data as soon as it is no longer needed. There is also the "right to be forgotten".
I have no answer yet, how to deal with versioning systems like GIT. There is personal data in every commit (username and email), But it is not build to delete its history after a while. You can delete the history on purpose of course, but this is more a surgery and breaks all your processes based on the commit id.
How do others deal with such systems? There are also document management systems where you have to keep such history.
We're a place where coders share, stay up-to-date and grow their careers.
We strive for transparency and don't collect excess data.