GDPR compliance for Additional Notes, request history, and making the approval process private
There is functionality in Shifts where the requester can choose a reason and leave a note (detailed reason) to explain why they are taking the time off. This message is visible to all the Team Owners. Also, the Request History cannot be deleted, and it is visible to all Team Owners.
To comply with GDPR Article 9, we should not disclose sensitive personal information publicly to anyone. Therefore, the ideas are:
Make it possible to disable the optional Notes field to ensure the reason information is not exposed to other possible Team Owners who are not the employee's direct report manager.
Make it possible for the Team Owner to delete the request history.
Make sure the Approval request is only visible to the requester and his/her chosen manager for approving the time-off request, not to all the Team Owners.
Make the reason and additional notes of a time-off request hidden from the Shifts schedule once it has been approved.
This is very important for us to comply with in the EU. Please make the updates on the above points.