Forums
Home Product Q&A Discussion groups Articles Ask a question Search
Learning
Events
Champions

Forums

Articles
Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Atlassian does not respect the General Data Protection Regulation (GDPR)

Shroomy
Shroomy
Contributor
August 18, 2023

In Jira, there is no way to delete users or anonymize users in bulk. In fact, there is no function at all that allows deleting of more than one user at a time.

You can delete users one by one, but even if you do you will still have to go through the tedious process of removing all associations for the user. That is; remove all comments made by the user, re-assign all issues assigned to the user, and remove all reported issues by the user. Imagine doing this for 4000+ service desk customers...

For large amounts of users, it is so tedious to delete them that I would argue it is unrealistic to imagine that any company at all would actually do this. If Jira has such limited user management it kind of beats the purpose of using the software, unless you don't care about GDPR.

Sure, there are probably ways to go about this using third-party apps or API scripting, but as a main product, Jira is by far from ready for GDPR, even though the regulation came into effect 5 years ago.

One can argue that it is theoretically possible to delete large amounts of users. But if the effort it takes is so demanding that it is unrealistic to expect any company to do so, then one can hardly argue that Jira is built with "Privacy by Design" as stated here.

This leads me to the statement "Atlassian does not respect the General Data Protection Regulation (GDPR)". If they did, deleting (or anonymizing) users would be of main concern. Instead, Atlassian spends time developing whiteboards, dark mode, and other features. Atlassian can obviously prioritize this, but they choose not to do so.

Because of this, I am compelled to report the software as "at risk of violating GDPR" in our internal risk assessment. It doesn't reflect well on Atlassian and I really hope they will make this a priority soon.

To be honest, over the years I have come to love Atlassian products. I am not writing this because I have nothing against Atlassian. On the contrary, it is because I love working with them that I genuinely care about this issue.

Answer
Watch
Like Nik Surmanidze _Actonic_ likes this
976 views

1 answer

1 vote
Dan Breyen
Dan Breyen
Community Champion
August 18, 2023

I found these articles on Atlassian's site regarding GDPR and Anonymizing users.  I hope it helps address your concerns: Anonymizing Users GDPR europe-and-gdpr +

Hope that helps.  I would suggest raising your concerns directly to Support (support.atlassian.com/contact), so they can be addressed directly.

Reply

Suggest an answer

Log in or Sign up to answer
Jira
Jira
TAGS
AUG Leaders

Atlassian Community Events

    See all events
    Community
    Forums
    FAQs Forums guidelines
    Learning
    About learning Resources
    Events
    Champions
    Copyright © 2025 Atlassian
    Privacy Policy Notice at Collection Terms Security