According to the GDPR principle to only store the PII data as long as it is absolutely needed our data privacy officers asks us to anonymize PII relevant data (like email address and full user name from closed issues after some amount of time, e.g. 1 year, as then it is not longer required for our company to have the information which exact user performed which changes to an issue.
Currently Jira only supports complete anonymization of user data for the complete instance and not only partly based on some parameters/conditions.
So question from us to Atlassian was, how Atlassian supports with their product the GDPR policy of data minimizing/reduction for users that are still active in a instance, so that their older activity could be anonymized while the technical content of such issues is still needed (problem solution, changes made etc.)?
Answer from Atlassian was, that they do not provide a partial/conditional removal/anonymization of PII data functionality. Therefore they created a new suggestion ticket JRASERVER-75714-Anonymize User details based on a Specific Conditions . But as we all now most likely to 100% suggestion tickets are never followed up again by Atlassian.
So our question to the community is, if any other customer have already faces the question of partial/conditional removal/anonymization of PII data? And if yes, how you solved this requirement?
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.