Privacy Shield overturned: how can businesses ensure GDPR compliance? - Actonic – Unfolding your potential
We have outsourced our Atlassian licensing and services business to the newly founded Seibert Solutions GmbH. Actonic's products will be further developed under the usual name.

Privacy Shield overturned: how can businesses ensure GDPR compliance?


The General Data Protection Regulation (GDPR) has been in effect since 2018 and businesses and customers in Europe are slowly but steadily getting accustomed to the idea that personal data is a valuable resource and has to be treated accordingly. However, if you are doing business with or use the services of US companies, the situation may not be that straightforward.

The Dilemma

Currently, all data transfers are regulated by the EU-US Privacy Shield Framework, designed to provide the companies on both sides of the Atlantic with a way to comply with data protection requirements. However, according to the US surveillance laws, all protection is limited to US persons, while the data of foreign citizens are not covered by the American data protection acts. Thus, American data protection laws clash with the fundamental rights of European citizens. Dealing with American companies, you never know whether your business is under surveillance and have no control over your data. It is obvious that the level of data protection in the USA is not sufficient according to European standards. The issue has finally been recognized and addressed by the Court of Justice of the European Union (CJEU). This summer CJEU invalidated Privacy Shield, which means that US companies may not use Standard Contractual Clauses (SCC) to transfer data.

The Implications

The annulment of the EU-US agreement has serious implications. This is especially true for small and medium-sized companies that relied heavily on cloud services. Such companies now need to check whether their cloud service providers process personal data in third countries and on what basis – only to find out that they are not fully compliant anymore. While legislators are trying to work out some legal base for the transfer of personal data from Europe to the United States, many businesses realize that it is unwise to rely solely on large IT companies from China and the USA and are looking for server and data centre solutions.

The Solution

If you, like many others, are searching for a server/data center solution for the Atlassian ecosystem that will help you ensure the GDPR compliance, check out our Data Protection and Security Toolkit for Jira and Data Protection and Security Toolkit for Confluence. It contains a number of modules that will help you to:

  • Handle announcements
  • Get consent
  • Anonymize personal data
  • Access statistics
  • And more – everything you need to cover your requirements.



Let’s stay in touch!

Follow us on LinkedIn, Facebook and Twitter, and subscribe to our newsletter to get regular updates, tips and special offers delivered directly to your mailbox.

CCPA, GDPR, HIPAA and more: easily manage all of them!

  • Handle all sensitive and personal data
  • Be safe with risk-free data protection
  • Also ready for: CCPA, HIPAA, LGPD, etc.
Go to Atlassian Marketplace

How useful was this post?

Click on a star to rate it!

Average rating 5 / 5. Vote count: 1

No votes so far! Be the first to rate this post.