
Five key steps to ensure GDPR compliance in Jira and Confluence


The GDPR is considered one of the strictest data protection regulations in the world. It affects all companies operating both inside and outside the EU that collect personal data from EU citizens. Companies that violate the new regulation, for example by not obtaining their customers' consent for data processing, face a fine of 20 million euros or 4% of their annual global turnover. This is why it is so important to process personal data in a GDPR-compliant manner. Working with Atlassian’s agile tools Jira and Confluence is no exception.

If you have integrated Jira or Confluence into your daily workflow, sooner or later, you will inevitably process personal data. This could be names and addresses in Jira tickets or account numbers and email addresses in Confluence pages. Data protection therefore plays a huge role in the Atlassian ecosystem.

To help you ensure that you are processing personal data in a GDPR-compliant manner, we have compiled a list of five data protection criteria. By adhering to these criteria, you will be on the safe side when it comes to data protection. In addition, we will show you a smart solution for Jira and Confluence to comply with these five criteria.

How to process data in a GDPR-compliant way: Five criteria

1. You communicate the information about your data storage and ask for consent

You may only store personal data with the prior consent of the person concerned. The declaration of consent must be formulated in a comprehensible manner and be easily accessible. It must also be simple to withdraw consent (Article 4 GDPR).

2. You make it clear why personal data is processed and what it is used for

If you store personal data, the right of access applies. This states that you must provide the persons whose data you store with information about the data at any time (Article 15 GDPR).

3. Your systems have processes to administer violation reports, the “right to be forgotten” and the “right of access”

If there is a personal data breach, you must notify the data subjects within 72 hours, according to the GDPR. In order to manage this directly, you should have implemented appropriate processes in the company beforehand (Articles 33 and 34 GDPR).

4. You provide the data protection information at the time of data collection

Through the “right to information”, data subjects must be informed that their personal data has been collected. This must be done at the time of data collection (Article 13 GDPR).

5. You use pseudonymization for data storage

Data that can be attributed to individuals must be hidden or stored anonymously so that it cannot be easily traced back to the individuals (Article 4 No. 5 GDPR).

The solutions the apps provide for the five GDPR compliance criteria

1. You communicate the information about your data storage and ask for consent

With the apps, you can easily create a privacy policy announcement banner without any HTML knowledge. This way, you can quickly communicate GDPR policies and collect consents.

2. You make it clear why personal data is processed and what it is used for

The apps help you to find personal data with just a few clicks and then anonymize or delete it. This means you are always prepared for requests for information.

3. Your systems have processes to administer violation reports, the “right to be forgotten” and the “right of access”

As just mentioned, the app allows you to anonymize data in no time at all, and then you only have to notify the people concerned. You can find out exactly how this works in our video:

How to Anonymize Users in Jira?


4. You provide the data protection information at the time of data collection

As mentioned in criterion one, the solution for this is an announcement banner created by the app. This is customizable and could look like this, for example:

5. You use pseudonymization for data storage

You already know that our apps make it easy to anonymize personal data. However, they can do even more: automated user anonymization. With the Data Cleaner module, you can set up rules to anonymize selected data automatically.

Conclusion: Five key steps to ensure GDPR compliance in Jira and Confluence

Data protection can sometimes be complicated. But in Jira and Confluence, GDPR doesn’t have to give you a headache. With the apps Data Protection and Security Toolkit for Jira and Confluence, you always work in a GDPR-compliant manner and can check off all the criteria mentioned.

Do you want to free yourself from your worries around the topic of GDPR compliance? Then get the apps Data Protection and Security Toolkit for Jira and Confluence now! Test them on the Atlassian Marketplace free of charge for 30 days:

Download: GDPR compliance checklist

Our data compliance checklist

  • Six essential GDPR criteria
  • Clearly defined goals to check off
  • Decision support in the transformation process
