"This is because we suspect that we are not currently in compliance but cannot expressly call out the gaps until the DPIAs are complete. (Actually, by not having the DPIAs, we are, on our face, out of compliance with GDPR regulations.)"

https://gitlab.com/gitlab-org/gitlab/merge_requests/14182#no...

The author, @cciresi is Candice Ciresi, their Director of Global Risk and Compliance.

https://i.imgur.com/52DUErO.png