Hi all,
My name is Kelly and I’m the Head of Privacy at Atlassian! In the 3 years since I’ve joined Atlassian, coincidentally right after GDPR went into effect, the world of data privacy and legislation has really become a game-changer. If you feel like privacy laws are evolving quickly, you’re not alone. Even in the last year, we saw the Schrems II ruling invalidate the EU-US Privacy Shield and the Court of Justice of the European Union first confirm and then the European Commission update the Standard Contractual Clauses (SCCs) to ensure personal data transferred out of the EU continues to remain compliant with GDPR.
It can be a whirlwind for all organizations involved, which is why our team is always focused on creating transparent policies that handle data based on what’s in the best interest of our customers and offers them the tools they need to perform their own risk assessments. In response to the latest SCCs update, we’ve updated our Data Processing Addendum (DPA) to incorporate the updated SCCs and European Data Protection Board guidance, including:
Additional details on where, when, and how we handle our customers' personal data
Greater transparency about the measures we’ve put in place to protect against government requests for a customer’s personal data
Necessary materials for customers to do a risk assessment commonly referred to as a data transfer impact assessment
We’ve regularly heard from customers how complicated it is to navigate this always-evolving landscape and wanted to open this forum up to help you understand how Atlassian meets these requirements.
Here's how it works:
Add your questions below any time during the month of October. Be sure to take a look at other community member’s questions and up-vote those that you find interesting.
You can expect to see answers from me and my team rolling in on a weekly basis. Watch the page and be ready to add follow-up questions and discuss further with other Community members.
Note: The information provided by Atlassian here is not legal advice. Customers are responsible for making their own independent risk and data privacy assessments.
Cheers,
Kelly
Hi @Kgert
We've found some Cloud feature planned for future releases (https://www.atlassian.com/roadmap/cloud?status=future&selectedProduct=&search=data%20leak):
Data leak prevention
Jira Software, Confluence, Jira Service ManagementTools to help you identify, quarantine, and remediate sensitive data in our products
1. Do you have any details about this functionality?
2. Is it connected with GDPR?
Hi @Andrei Pisklenov _Actonic_
1. We don't yet have details to share on the Data Leak Prevention (DLP)feature. We are starting explore the customer requirements for it and once we have a clearer idea, we will have more to share.
2. No, DLP is not directly connected to GDPR. Atlassian cloud products and platform are fully compliant with GDPR. Any new capabilities we develop will also be GDPR compliant out of the box.
Hope that helps!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi @Kgert , when can we expect a reply from you or your team?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi @marc -Collabello--Phase Locked- please see our answers below:
Hope that clarifies things a bit more!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi @Kgert ,
I've got some questions regarding GDPR and data privacy:
Recommendations on supplementary measures for GDPR? I think this is needed, especially with regard to storage of user account data in the US and data residency.
Assistance and Access Act 2018 . How is that compatible with GDPR? Can you elaborate which laws stand above which? I.e. is Atlassian going to follow Australian law with the Assistance and Access Act, or is Atlassian going to follow EU law with regards to EU data?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.