It's also not a coincidence that Slack is neutering the ability to access channel history via the API very soon. With a very generous rate limit of 2 requests per minute I believe it was and a max of ~10 messages. This is already enforced for new marketplace apps and will apply to all apps starting in March according to their docs.
Slack claims to be data processor, not data controller [0]. The workspace admins are, ironically, considered by slack to be data controllers, so GDPR-related requests are supposed to be handled by them.
This is ironic though, as in the Pro plan they do not offer options to admins to download everything (eg DMs). So as an EU citizen I cannot request all my data, but technically it is the data controller who is responsible for it here (my workspace admin). Not sure how that would fly if somebody took the effort to seriously look into it though.
Also not sure how easy it is for an admin to download and provide me even my data from the public channels in the first place with the current tools. I am pretty sure there is no GDPR compliance overall, but it is probably not trivial to get slack actually accountable for it.
PS It seems the workspace owner has to contact slack about it, and this is for both free and pro plan where downloading direct messages/private channels is not an option by default. [1]
> In general, Customer is the controller of Customer Data. In general, Slack is the processor of Customer Data and the controller of Other Information.
It does to some extent, because companies have to respect gdpr for their own users as well: so individual employees/slack users have gdpr rights and they individually can get those enforced against the slack operators.
