Our company plans to use Atlassian software as standard support tools for software development.
We prefer the cloud-based option but according to the European and German laws we have to comply with DPD (Data Protection Directive), and as of May 25th 2018 to GDPR. (General Data Protection Regulation)
All implementations that do not comply are illegal. As of May next year violations can be fined with a maximum of 4% of the violators turn-over!
Yet I don’t see any discussion about this matter. Atlassian still states it does store customer’s data in a location it chooses. Also in the US, with is a violation of both DPD and GDPR.
Please inform me if Atlassian is complying with DPD, and if it is going to comply with GDPR. And how it is done.
Some months ago Atlassian suggested that they are opening their first data center located in Europe. I don't know what happened after, but it may worth some Googling...
OK, I looked this up for you: https://www.atlassian.com/trust/infrastructure
As it says it is "CURRENTLY IN PRIVATE BETA" and:
Atlassian has extended its cloud hosting infrastructure to Ireland. European customers of JIRA or Confluence cloud will benefit from improved performance and other advantages of local data storage.
This step is mainly meant for "user experience improvement"
Storing data in Europe is one condition comply with GDPR, but not the only one.
Atlassian still states it will store all data in a location of their choice.
Meanwhile I got an answer from Atlassians legal office stating: "We are relying on our Privacy Shield certification to satisfy the onward transfer requirements under GDPR”
Our legal department estimates it is not enough to comply.
Same here, I'm told Privacy Shield won't be enough. We need the option to host inside the EU.
The Beta in Europe is in Ireland, so that would solve it, if I understand correctly. But only if Atlassian will guarantee that if you ask for EU data, it will only be held and processed in the Irish centre.
We are by now looking for an alternative. It is a pity because we like the Atlassian products. The way Atlassian behaves seems to show that they do not care about their European business. Maybe to them, it is neglectable, otherwise, they will wake up to customers changing to competitors.
This does generate some work for partners - as a test or demo Cloud system is used by a company, then they realise it's not suitable, they ask us to help migrate them to server. Either their own hosted one, or by one of us that does managed services. It's not the main driver of Cloud to Server migrations, but it's not insignificant.
Have you considered a managed service? (Your comment suggests you don't want to run it yourself)
Have a look at this recent announcement (published Dec 01st, 2017). Although it does not give any additional info regarding the EU data storage it starts with "Atlassian is committed to compliance with the General Data Protection Regulation (GDPR), which will go into effect May 25, 2018. "
Hey everyone! My name is Sarah Schuster, and I'm a Customer Success Manager in Atlassian specializing in Jira Software Cloud. Over the next few weeks I will be posting discussion topics (8 total) to ...
Connect with like-minded Atlassian users at free events near you!Find a group
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no AUG chapters near you at the moment.Start an AUG
We're bringing product updates and pro tips on teamwork to ten cities around the world.Save your spot