Did you know that penalties up to 4 % of the yearly company turnover are possible in case of GDPR violations? GDPR regulations are currently mainly relevant for companies in the EU, but countries like Brazil are taking steps in the same direction as well. The list of companies that have already been sanctioned includes European big players like AOK (German insurance company), H&M and VfB (German soccer club), which received penalties ranging from several hundred thousand to more than 35 million euros. This came about, among other things, because customer data was stored and used improperly or because there was no deletion concept or rules for using and maintaining personal data.
Where is the connection between GDPR regulations and Jira in companies?
Many companies use Jira as part of their data storage processes for personal data (also called “PII”: personally identifiable information). They consist of: full names, addresses, e-mail addresses, birthdates, telephone numbers, login data, passwords, bank details etc.
This proves that personal and sensible data can be part of Jira instances in companies and need underlying GDPR settings for PII handling.
Personal data is the new oil on today’s markets. Due to personal data business processes in B2B or B2C market can be carried out quickly and accordingly.
For example: Customer John Doe is sending in some of his PII (name, address, credit card number) to a company to purchase their software license.
This is where Jira comes in play: It can be used as a diverse tool for project management, HR, marketing, sales and so on. It stores diverse data, from customers to employees and could contain the most secure personal data like birthdates, telephone numbers or credit card numbers. In most cases personal data is needed for successful business processes, like in the example above. But, major damage is possible in case of data abuse and data spreading as well. Therefore, it’s important to point out that it’s a personal right to get more insight into storage of personal data and to have the right to erasure (Art. 17 GDPR). Therefore, companies using tools like Jira should enable data processing and deletion according to laws.
Data privacy and GDPR compliance is achieved through data protection officer (DPO) or responsibles and the usage of designated systems, of course with underlying GDPR regulations. Jira offers some useful functions by default, but they are not enough to cover all GDPR needs. A lot has to be done manually and needs monitoring. By using tools that allow checking and editing existing instances and data records, you will be able to set up a GDPR-compliant Jira environment. In the best case: all done automatically, extensively and without errors. Therefore, we definitely recommend using the complete toolkit called GDPR (DSGVO) and Security for Jira from Actonic.
When a GDPR tool is needed in Jira: Scenario 1
Imagine working in an international enterprise, with a dozen of projects, hundreds of employees and thousands if not millions of data elements. If a single customer requests the deletion of his data, employees are responsible to look for tickets related to the customer, to be deleted or anonymized. For some of you this scenario might not be fiction, but reality. This use case does require a tool which is checking issues in Jira automatically and in a time-saving manner, collecting relevant elements and deleting or anonymizing information according to a created rule. The same scenario could take place in case of data deletion from employees or applicants.
When a GDPR tool is needed in Jira: Scenario 2
GDPR is not only concerned with data deletion, but also with announcing GDPR regulations and their approval. So another scenario would be spreading company-relevant information in relation to cookies or regulations for your Jira instance. Maybe you would like to announce new data protection rules for your Jira instance and track, who has accepted it. In case of important changes in those rules you would like to announce them to every user just with one click. Like in scenario 1, you will be in need of a tool that is quickly spreading messages and supports data protection laws in your company.
GDPR (DSGVO) and Security for Jira helps you to achieve GDPR compliance:
Here is a glimpse of our app. As you can see you’re able to set up and activate/deactivate individual templates for data cleaning processes. By doing so, Jira tickets can be cleaned out of personal data for example.
Tools like our app GDPR (DSGVO) and Security for Jira can also be used for other use cases:
Have you spotted some use cases that you would like to easily enable in your Jira instance? Then test our app GDPR (DSGVO) and Security for Jira for free on Atlassian’s Marketplace.
Andrei Pisklenov _Actonic_
Since our last roundup in April, Atlassian's Marketplace Partners have added over 100 new cloud apps to the Atlassian Marketplace to help your teams work more efficiently. Let’s take a quick look a...
Connect with like-minded Atlassian users at free events near you!Find an event
Connect with like-minded Atlassian users at free events near you!
Unfortunately there are no Community Events near you at the moment.Host an event
You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events