Don’t be so quick to dismiss the feedback from compliance teams. It’s possible TOU are written such that you really can’t store data on the client without agreement. It’s also possible that other regulations besides GDPR apply that you may not be aware of, for example those specific to banking or health.
We're a global company making enterprise software. We have all the certifications including really nasty ones like FedRAMP and HIPAA combined. GDPR is a walk in the park comparatively. I'm well aware of the details and deal with compliance on a nearly daily basis. The only justification was "just to be safe", which is why they quickly acquiesced to storing the string "false" after pushback.
Don’t be so quick to dismiss the feedback from compliance teams. It’s possible TOU are written such that you really can’t store data on the client without agreement. It’s also possible that other regulations besides GDPR apply that you may not be aware of, for example those specific to banking or health.
We're a global company making enterprise software. We have all the certifications including really nasty ones like FedRAMP and HIPAA combined. GDPR is a walk in the park comparatively. I'm well aware of the details and deal with compliance on a nearly daily basis. The only justification was "just to be safe", which is why they quickly acquiesced to storing the string "false" after pushback.