According to the GDPR principle to only store the PII data as long as it is absolutely needed our data privacy officers asks us to anonymize PII relevant data (like email address and full user name from closed issues after some amount of time, e.g. 1 year, as then it is not longer required for our company to have the information which exact user performed which changes to an issue.
Currently Jira only supports complete anonymization of user data for the complete instance and not only partly based on some parameters/conditions.
So question from us to Atlassian was, how Atlassian supports with their product the GDPR policy of data minimizing/reduction for users that are still active in a instance, so that their older activity could be anonymized while the technical content of such issues is still needed (problem solution, changes made etc.)?
Answer from Atlassian was, that they do not provide a partial/conditional removal/anonymization of PII data functionality. Therefore they created a new suggestion ticket JRASERVER-75714-Anonymize User details based on a Specific Conditions . But as we all now most likely to 100% suggestion tickets are never followed up again by Atlassian.
So our question to the community is, if any other customer have already faces the question of partial/conditional removal/anonymization of PII data? And if yes, how you solved this requirement?
From our end, our understanding are the same as what you described. The only thing I can recommend is for more Jira clients to follow-up with Atlassian to request the functionality adjustment/enhancement.
The only drawback is that any solution that Atlassian offers are typically to be implemented against the CLOUD env first, then they will incorporated into the SERVER/Data Center env.
Best, Joseph Chung Yin
Jira/JSM Functional Lead, Global Technology Applications Team
Viasat Inc.
Thank you for your support on this. Hope that others will also vote and watch our suggestion issue to raise attention for this GDPR topic at Atlassian.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi @Michael Mohr
We are happy to introduce our app User Data Cleanup. With is app, it can save your time when one user need to remove out of your instance.
Key features of this app include:
Highly customizable and modular: Configure multiple cleanup rules that can be applied to a single or bulk of users. Maximize control over user-specific data cleansing.
Two-Stage Cleanup: Leaving Day & Permanent: Apply a two-stage cleanup process: deactivate, remove, or transfer specific user data on the leaving day, retain necessary information for traceability, and execute a permanent cleanup.
Preview & Retrospect: Cleanup Control: Before performing cleanup actions for single or multiple users, use the Preview to check all planned actions. Use the Retrospect to check previously cleaned data for specific users.
We believe UDC can save you time and effort, and we’d love for you to give it a try. You can find more details and intall our app here. https://marketplace.atlassian.com/apps/1234248/user-data-cleanup-for-jira?hosting=datacenter&tab=overview
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi @Michael Mohr,
you are right, what you are describing is not currently possible with Jira out of the box, no matter the hosting platform.
If I may, let me recommend our app "Data Protection and Security Toolkit", which we developed for this exact use case: detaching personal information from the actual content stored in Jira so you will become compliant to regulations, but can keep the knowledge at the same time. It will solve your issue directly, and many more related scenarios. We offer it for Jira and Confluence on Server/DC and Cloud.
You can find it here: https://marketplace.atlassian.com/search?query=Data%20Protection%20and%20Security%20Toolkit
If you'd like to learn more about it, please book a free demo here: actonic.de/appdemo
Of course, if you have any questions or special requirements, let's hear them. :)
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.