EBA, BaFin and the problem with the cloud
To understand the added value of Atlassian’s update, let’s first understand the issues that have been bothering many companies in Europe so far. Within the European Economic Area, the EBA ensures that data protection guidelines are met. BaFin is a national financial market supervisory authority in Germany and is one of the strictest in the world. Although end-users are benefitting from it, the regulations result in difficulties for organizations that want to work with the Atlassian Cloud.
Although cloud services can be set up internally, the EBA and BaFin see the services as outsourcing. As a result, they must be supervised equally to other internal services. This is the only way to ensure data protection beyond the affected institution.
Until recently, however, EBA- and BaFin-regulated companies were unable to use cloud products in a way that met the strict guidelines.
Time for some innovation, right?
Atlassian’s solution for cloud compliance with EU FSA
On December 6th, 2021, the long-awaited update arrived: an EU Financial Services Addendum (FSA). This is an update to the order processing agreement (AV) or DPA (data processing addendum). The new version also establishes control over the location and processing of data in the Atlassian Cloud. Customers are also granted extended control permissions to comply with EBA and BaFin guidelines. This update will finally enable regulated companies in the financial or insurance sector to use Atlassian’s Cloud products in a fully EBA and BaFin compliant manner. Furthermore, guidelines from the US and Australian market are also met, making the EU FSA lucrative for an even wider range of institutions worldwide. Currently, the solution includes all cloud products in the Enterprise plan.
The benefits of the EU FSA for end-users:
Comprehensive audit permissions for Atlassian products and service provider AWS
Improved recording requirements by Atlassian
Atlassian’s commitment to cooperate with regulators
Continuation of service after termination or insolvency
With the new EU FSA, you finally meet the basic requirement to be able to migrate to the cloud. As an Atlassian Solution Partner, we are happy to offer you the implementation of the cloud migration and subsequent 360° support. We would be happy to advise you in detail on the new EU Financial Services Addendum from Atlassian and compliance with BaFin standards.
In addition, we can provide you with a solution to make your Jira data protection compliant as well: with our tool GDPR (DSGVO) and Security for Jira. With this security suite, you have everything you need in one application to comply with guidelines from DSGVO, CCPA, HIPAA and Co.
Contact us now, and we’ll work out with you what you need to migrate BaFin-compliant or use your Jira in a data protection-compliant way.