Create
cancel
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in

Missing functionality of partial/conditional removal/anonymization of PII data (GDPR)

Michael Mohr May 16, 2023

According to the GDPR principle to only store the PII data as long as it is absolutely needed our data privacy officers asks us to anonymize PII relevant data (like email address and full user name from closed issues after some amount of time, e.g. 1 year, as then it is not longer required for our company to have the information which exact user performed which changes to an issue.

Currently Jira only supports complete anonymization of user data for the complete instance and not only partly based on some parameters/conditions.

So question from us to Atlassian was, how Atlassian supports with their product the GDPR policy of data minimizing/reduction for users that are still active in a instance, so that their older activity could be anonymized while the technical content of such issues is still needed (problem solution, changes made etc.)?

Answer from Atlassian was, that they do not provide a partial/conditional removal/anonymization of PII data functionality. Therefore they created a new suggestion ticket JRASERVER-75714-Anonymize User details based on a Specific Conditions . But as we all now most likely to 100% suggestion tickets are never followed up again by Atlassian.

So our question to the community is, if any other customer have already faces the question of partial/conditional removal/anonymization of PII data? And if yes, how you solved this requirement?

3 answers

1 vote
Joseph Chung Yin
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
May 16, 2023

@Michael Mohr -

From our end, our understanding are the same as what you described.  The only thing I can recommend is for more Jira clients to follow-up with Atlassian to request the functionality adjustment/enhancement.

The only drawback is that any solution that Atlassian offers are typically to be implemented against the CLOUD env first, then they will incorporated into the SERVER/Data Center env.

Best, Joseph Chung Yin

Jira/JSM Functional Lead, Global Technology Applications Team

Viasat Inc.

Michael Mohr May 19, 2023

Thank you for your support on this. Hope that others will also vote and watch our suggestion issue to raise attention for this GDPR topic at Atlassian.

0 votes
Dang Thi Thuy Tien
Rising Star
Rising Star
Rising Stars are recognized for providing high-quality answers to other users. Rising Stars receive a certificate of achievement and are on the path to becoming Community Leaders.
June 5, 2024

Hi @Michael Mohr
We are happy to introduce our app User Data Cleanup. With is app, it can save your time when one user need to remove out of your instance.

Key features of this app include:

  • Highly customizable and modular: Configure multiple cleanup rules that can be applied to a single or bulk of users. Maximize control over user-specific data cleansing.

  • Two-Stage Cleanup: Leaving Day & Permanent: Apply a two-stage cleanup process: deactivate, remove, or transfer specific user data on the leaving day, retain necessary information for traceability, and execute a permanent cleanup.

  • Preview & Retrospect: Cleanup Control: Before performing cleanup actions for single or multiple users, use the Preview to check all planned actions. Use the Retrospect to check previously cleaned data for specific users.

We believe UDC can save you time and effort, and we’d love for you to give it a try. You can find more details and intall our app here. https://marketplace.atlassian.com/apps/1234248/user-data-cleanup-for-jira?hosting=datacenter&tab=overview

0 votes
Andreas Springer _Actonic_
Community Leader
Community Leader
Community Leaders are connectors, ambassadors, and mentors. On the online community, they serve as thought leaders, product experts, and moderators.
May 19, 2023

Hi @Michael Mohr,

you are right, what you are describing is not currently possible with Jira out of the box, no matter the hosting platform.

If I may, let me recommend our app "Data Protection and Security Toolkit", which we developed for this exact use case: detaching personal information from the actual content stored in Jira so you will become compliant to regulations, but can keep the knowledge at the same time. It will solve your issue directly, and many more related scenarios. We offer it for Jira and Confluence on Server/DC and Cloud.

You can find it here: https://marketplace.atlassian.com/search?query=Data%20Protection%20and%20Security%20Toolkit

If you'd like to learn more about it, please book a free demo here: actonic.de/appdemo

Of course, if you have any questions or special requirements, let's hear them. :)

Suggest an answer

Log in or Sign up to answer
DEPLOYMENT TYPE
SERVER
VERSION
8.20.13
TAGS
AUG Leaders

Atlassian Community Events