We have merged our Atlassian licensing and consulting business with our partners over at Seibert Group. The Actonic apps will continue to be developed by the same caring team as before.
Read more...

Atlassian Cloud goes BaFin compliant

By Patricia Modispacher20. December 2021Reading time: 2 minutes

It was a shock for many European institutions when Atlassian announced that server products would no longer be supported in 2024. Migration to cloud products certainly offers many advantages, but it does involve some problems, especially for companies in regulated sectors such as insurance or finance. This is because such companies that operate in the European Economic Area are regulated by the European Banking Authority (EBA) and must comply with strict guidelines. In doing so, it is the obligation of national government authorities to ensure this compliance. For example, the German Federal Financial Supervisory Authority (BaFin) is a national authority that further tightens the EBA guidelines.

So far, a worry-free use of Atlassian Cloud was not possible. But Atlassian's newly published EU Financial Services Addendum finally offers the possibility to use Atlassian's Cloud products in an EBA and BaFin compliant way.

Read more about this milestone!

Claim your free consulting session

Unfold your Atlassian potential with our tailor-made solutions.

Request consultation

EBA, BaFin and the problem with the cloud

To understand the added value of Atlassian’s update, let’s first understand the issues that have been bothering many companies in Europe so far. Within the European Economic Area, the EBA ensures that data protection guidelines are met. BaFin is a national financial market supervisory authority in Germany and is one of the strictest in the world. Although end-users are benefitting from it, the regulations result in difficulties for organizations that want to work with the Atlassian Cloud.

Although cloud services can be set up internally, the EBA and BaFin see the services as outsourcing. As a result, they must be supervised equally to other internal services. This is the only way to ensure data protection beyond the affected institution.

Until recently, however, EBA- and BaFin-regulated companies were unable to use cloud products in a way that met the strict guidelines.

Time for some innovation, right?

Atlassian’s solution for cloud compliance with EU FSA

On December 6th, 2021, the long-awaited update arrived: an EU Financial Services Addendum (FSA). This is an update to the order processing agreement (AV) or DPA (data processing addendum). The new version also establishes control over the location and processing of data in the Atlassian Cloud. Customers are also granted extended control permissions to comply with EBA and BaFin guidelines. This update will finally enable regulated companies in the financial or insurance sector to use Atlassian’s Cloud products in a fully EBA and BaFin compliant manner. Furthermore, guidelines from the US and Australian market are also met, making the EU FSA lucrative for an even wider range of institutions worldwide. Currently, the solution includes all cloud products in the Enterprise plan.

The benefits of the EU FSA for end-users:

  • Comprehensive audit permissions for Atlassian products and service provider AWS

  • Improved recording requirements by Atlassian

  • Atlassian’s commitment to cooperate with regulators

  • Continuation of service after termination or insolvency

 

With the new EU FSA, you finally meet the basic requirement to be able to migrate to the cloud. As an Atlassian Solution Partner, we are happy to offer you the implementation of the cloud migration and subsequent 360° support. We would be happy to advise you in detail on the new EU Financial Services Addendum from Atlassian and compliance with BaFin standards.

In addition, we can provide you with a solution to make your Jira data protection compliant as well: with our tool GDPR (DSGVO) and Security for Jira. With this security suite, you have everything you need in one application to comply with guidelines from DSGVO, CCPA, HIPAA and Co.

 

Contact us now, and we’ll work out with you what you need to migrate BaFin-compliant or use your Jira in a data protection-compliant way.

Claim your free consulting session

  • Tailored consulting for your goals
  • Professional software development and implementation
  • Custom training and onboarding plans
Request consultation

How useful was this post?

Click on a star to rate it!

Average rating 5 / 5. Vote count: 1

No votes so far! Be the first to rate this post.

Related Posts

  1. Roles and Responsibilities of a Data Protection Officer
  2. The most common data security pitfalls – and how to avoid them
  3. Order processing according to GDPR article 28
  4. How to comply with the CCPA Right to Know