Five key steps to ensure GDPR compliance in Jira and Confluence - Actonic – Unfolding your potential
We have outsourced our Atlassian licensing and services business to the newly founded Seibert Solutions GmbH. Actonic's products will be further developed under the usual name.
Read more...

Five key steps to ensure GDPR compliance in Jira and Confluence

By Ruben Jäckle10. August 2022Reading time: 3 minutes

5
(4)

The GDPR is considered one of the strictest data protection regulations in the world. It affects all companies operating both inside and outside the EU that collect personal data from EU citizens. Companies that violate the new regulation, for example by not obtaining their customers' consent for data processing, face a fine of 20 million euros or 4% of their annual global turnover. This is why it is so important to process personal data in a GDPR-compliant manner. Working with Atlassian’s agile tools Jira and Confluence is no exception.

If you have integrated Jira or Confluence into your daily workflow, sooner or later, you will inevitably process personal data. This could be names and addresses in Jira tickets or account numbers and email addresses in Confluence pages. Data protection therefore plays a huge role in the Atlassian ecosystem.

To help you ensure that you are processing personal data in a GDPR-compliant manner, we have compiled a list of five data protection criteria. By adhering to these criteria, you will be on the safe side when it comes to data protection. In addition, we will show you a smart solution for Jira and Confluence to comply with these five criteria.

How to process data in a GDPR-compliant way: Five criteria

1. You communicate the information about your data storage and ask for consent

You may only store personal data with the prior consent of the person concerned. The declaration of consent must be formulated in a comprehensible manner and be easily accessible. A simple withdrawal from the declaration of consent must also be ensured (Article 4 GDPR).

2. You make it clear for which reason the personal data gets processed and for what it is used

If you store personal data, the right of access applies. This states that you must provide the persons whose data you store with information about the data at any time (Article 15 GDPR).

3. Your systems have processes to administer violation reports, the “right to be forgotten” and the “right of access”

If there is a personal data breach, you must notify the data subjects within 72 hours, according to the GDPR. In order to manage this directly, you should have implemented appropriate processes in the company beforehand (Articles 33 and 34 GDPR).

4. You provide the data protection information at the same time of the data collection

Through the “right to information”, data subjects must be informed that their personal data has been collected. This must be done at the time of data collection (Article 13 GDPR).

5. You use pseudonymization for data storage

Data that can be attributed to individuals must be hidden or stored anonymously so that it cannot be easily traced back to the individuals (Article 4 No. 5 GDPR).

These solutions provide the apps for the five GDPR compliance criteria

1. You communicate the information about your data storage and ask for consent

With the apps, you can easily create a privacy policy announcement banner without any HTML knowledge. This way, you can quickly communicate GDPR policies and collect consents.

2. You make it clear for which reason the personal data gets processed and for what it is used

The apps help you to find personal data with just a few clicks and then anonymize or delete it. This means you are always prepared for requests for information.

3. Your systems have processes to administer violation reports, the “right to be forgotten” and the “right of access”

As just mentioned, the app allows you to anonymize data in no time at all, and then you only have to notify the people concerned. You can find out exactly how this works in our video:

How to Anonymize Users in Jira?

4. You provide the data protection information at the same time of the data collection

As mentioned in criterion one, the solution for this is an announcement banner created by the app. This is customizable and could look like this, for example:

5. You use pseudonymization for data storage

You already know that our apps make it easy to anonymize personal data. However, they can do even more: automated user anonymization. With the Data Cleaner module, you can set up rules to anonymize selected data automatically.

Conclusion: Five key steps to ensure GDPR compliance in Jira and Confluence

Data protection can sometimes be complicated. But in Jira and Confluence, GDPR doesn’t have to give you a headache. With the apps Data Protection and Security Toolkit for Jira and Confluence, you always work GDPR-compliant and can check off all mentioned criteria.

Do you want to free yourself from your worries around the topic of GDPR compliance? Then get the apps Data Protection and Security Toolkit for Jira and Confluence now! Test them on the Atlassian Marketplace free of charge for 30 days:

Test Data Protection and Security Toolkit for Jira
Test Data Protection and Security Toolkit for Confluence

Download: GDPR compliance checklist

Our data compliance checklist

  • Six essential GDPR criteria
  • Clearly defined goals to check off
  • Decision support in the transformation process
Get GDPR compliance checklist

How useful was this post?

Click on a star to rate it!

Average rating 5 / 5. Vote count: 4

No votes so far! Be the first to rate this post.

Related Posts

  1. How to comply with the CCPA Right to Know
  2. Roles and Responsibilities of a Data Protection Officer
  3. Violation of the protection of personal data in Jira or Confluence – How to deal with data leaks & breaches in a GDPR-compliant way
  4. Be GDPR compliant, Part 2: ensure the right to erasure, find and anonymize PII in Jira
  5. What is China’s Personal Information Protection Law (PIPL)?