Just a quick aside, but the username in the file path is likely not enforceable as a means of identifying an individual. It’s possible that combining that with something else is, but that alone likely wouldn’t. Same with the machine name. Additionally the company name is not a concern as a company is not a European citizen. If someone chooses to use their full name (or email address) as their machine name, I think that would fall outside of scope of GDPR given we can’t cover every case and thats not a 1:1 mapping.
(I’m also not a lawyer but I am responsible for our GDPR compliance process and have been somewhat educated on the requirements and concerns.)
Sentry itself will be GDPR compliant ahead of the deadline, and we’ll be sharing more information on that soon. As part of that we are both a controller and a processor, though we’re primarily a processor from our customers point of view.
With all that said, there’s no value in knowing the actual absolutely path on the file system in this case, so ideally we’d just strip it. Thats more about overall experience vs GDPR/privacy though.