You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
My name is Kelly and I’m the Head of Privacy at Atlassian! In the 3 years since I’ve joined Atlassian, coincidentally right after GDPR went into effect, the world of data privacy and legislation has really become a game-changer. If you feel like privacy laws are evolving quickly, you’re not alone. Even in the last year, we saw the Schrems II ruling invalidate the EU-US Privacy Shield and the Court of Justice of the European Union first confirm and then the European Commission update the Standard Contractual Clauses (SCCs) to ensure personal data transferred out of the EU continues to remain compliant with GDPR.
It can be a whirlwind for all organizations involved, which is why our team is always focused on creating transparent policies that handle data based on what’s in the best interest of our customers and offers them the tools they need to perform their own risk assessments. In response to the latest SCCs update, we’ve updated our Data Processing Addendum (DPA) to incorporate the updated SCCs and European Data Protection Board guidance, including:
Additional details on where, when, and how we handle our customers' personal data
Greater transparency about the measures we’ve put in place to protect against government requests for a customer’s personal data
Necessary materials for customers to do a risk assessment commonly referred to as a data transfer impact assessment
We’ve regularly heard from customers how complicated it is to navigate this always-evolving landscape and wanted to open this forum up to help you understand how Atlassian meets these requirements.
Here's how it works:
Add your questions below any time during the month of October. Be sure to take a look at other community member’s questions and up-vote those that you find interesting.
You can expect to see answers from me and my team rolling in on a weekly basis. Watch the page and be ready to add follow-up questions and discuss further with other Community members.
Note: The information provided by Atlassian here is not legal advice. Customers are responsible for making their own independent risk and data privacy assessments.
We've found some Cloud feature planned for future releases (https://www.atlassian.com/roadmap/cloud?status=future&selectedProduct=&search=data%20leak):
Data leak prevention
Jira Software, Confluence, Jira Service Management
Tools to help you identify, quarantine, and remediate sensitive data in our products
1. Do you have any details about this functionality?
2. Is it connected with GDPR?
1. We don't yet have details to share on the Data Leak Prevention (DLP)feature. We are starting explore the customer requirements for it and once we have a clearer idea, we will have more to share.
2. No, DLP is not directly connected to GDPR. Atlassian cloud products and platform are fully compliant with GDPR. Any new capabilities we develop will also be GDPR compliant out of the box.
Hope that helps!
Hi @marc -Collabello--Phase Locked- please see our answers below:
Hope that clarifies things a bit more!
Hi @Kgert ,
I've got some questions regarding GDPR and data privacy:
Recommendations on supplementary measures for GDPR? I think this is needed, especially with regard to storage of user account data in the US and data residency.
Assistance and Access Act 2018 . How is that compatible with GDPR? Can you elaborate which laws stand above which? I.e. is Atlassian going to follow Australian law with the Assistance and Access Act, or is Atlassian going to follow EU law with regards to EU data?