Hi all,
I am reaching out to determine if any other companies using Atlassian are registering for the Privacy Shield and how that is impacting your relationship with Atlassian. For those who aren't fully up to speed, the Privacy Shield is the program replacing the EU-US Safe Harbor standard - basically, it is a new standard that establishes control requirements for US-based companies to implement to protect the personal data of EU citizens. It should be noted that the EU defines personal data very liberally, meaning a simple transfer of an person's name along with their email address would qualify as a transfer of PII and be subject to the Privacy Shield.
A key difference in the Privacy Shield compared to the "Safe Harbor" standards is that if you register for Privacy Shield and transfer any EU citizens' data to a third-party, you are responsible to get that third-party to agree contractually to adhere to the Privacy Shield controls. If your use of Atlassian products includes transferring or potentially transferring the personal data of EU citizens to any Atlassian product hosted by Atlassian, you would need Atlassian to agree in your contract to adhere to the Privacy Shield standard of controls.
So far, Atlassian has not provided any concrete answer about whether they will be able to support Privacy Shield controls. The only answer they've given me is that they offer the "BTF" (behind the firewall) product where we would basically host our own instance within our own data center or colocation facility. It is my belief that my company is by no means the only Atlassian customer who faces the Privacy Shield registration and I am interested to see what other customers are doing to address this compliance issue. Are any other companies in discussions with Atlassian about getting their agreement to adhere to the Privacy Shield requirements?
Andrew
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.