Why everyone using Jira must be GDPR-compliant

Did you know that penalties of up to 4% of yearly company turnover are possible for GDPR violations? GDPR regulations are currently relevant mainly for companies in the EU, but countries like Brazil are taking steps in the same direction as well. The list of companies that have already been sanctioned includes big European players like AOK (German insurance company), H&M and VfB (German soccer club), which received penalties ranging from several hundred thousand to more than 35 million euros. This came about, among other things, because customer data was stored and used improperly, or because there was no deletion concept and no rules for using and maintaining personal data.

Where is the connection between GDPR regulations and Jira in companies?

Many companies use Jira as part of their data storage processes for personal data (also called “PII”: personally identifiable information). PII includes full names, addresses, e-mail addresses, birthdates, telephone numbers, login data, passwords, bank details etc.

  • Customers create tickets, which contain personal data like login data (e.g. in support)
  • Applicants send in applications via the Jira issue collector
  • Potential customers send in requests for licenses and fill out company or bank details
  • Relevant data is shared company-wide and maybe even internationally between teams

This shows that personal and sensitive data can be part of Jira instances in companies, and that those instances need underlying GDPR settings for PII handling.

Why you should be GDPR-compliant, especially when using Jira

Personal data is the new oil in today’s markets. Thanks to personal data, business processes in B2B or B2C markets can be carried out quickly and appropriately.

For example: Customer John Doe sends some of his PII (name, address, credit card number) to a company to purchase their software license.

This is where Jira comes into play: it can be used as a versatile tool for project management, HR, marketing, sales and so on. It stores diverse data, from customers to employees, and could contain the most sensitive personal data like birthdates, telephone numbers or credit card numbers. In most cases personal data is needed for successful business processes, as in the example above. But major damage is possible if data is abused or spread. It is therefore important to point out that individuals have a personal right to insight into how their personal data is stored, and a right to erasure (Art. 17 GDPR). Companies using tools like Jira should therefore enable data processing and deletion in accordance with the law.

What does GDPR compliance in Jira look like and how do you achieve it?

Data privacy and GDPR compliance are achieved through a data protection officer (DPO) or other responsible persons and the use of designated systems, with underlying GDPR regulations of course. Jira offers some useful functions by default, but they are not enough to cover all GDPR needs. A lot has to be done manually and needs monitoring. By using tools that allow checking and editing existing instances and data records, you will be able to set up a GDPR-compliant Jira environment. In the best case, all of this is done automatically, extensively and without errors. Therefore, we definitely recommend using the complete toolkit called GDPR (DSGVO) and Security for Jira from Actonic.

When a GDPR tool is needed in Jira: Scenario 1

Imagine working in an international enterprise with a dozen projects, hundreds of employees and thousands if not millions of data elements. If a single customer requests the deletion of his data, employees are responsible for finding the tickets related to that customer so they can be deleted or anonymized. For some of you this scenario might not be fiction, but reality. This use case requires a tool that checks issues in Jira automatically and in a time-saving manner, collects the relevant elements and deletes or anonymizes information according to a created rule. The same scenario could arise when data from employees or applicants has to be deleted.

When a GDPR tool is needed in Jira: Scenario 2

GDPR is not only concerned with data deletion, but also with announcing GDPR regulations and obtaining approval for them. So another scenario would be distributing company-relevant information about cookies or regulations for your Jira instance. Maybe you would like to announce new data protection rules for your Jira instance and track who has accepted them. When those rules change in important ways, you would like to announce the changes to every user with just one click. As in scenario 1, you will need a tool that distributes messages quickly and supports data protection laws in your company.

GDPR (DSGVO) and Security for Jira helps you to achieve GDPR compliance:

  • Get insights into data records, storage period and which data is stored in detail
  • Search for specific data, for example in single projects or tickets
  • Extensive and controlled deletion of personal or sensitive data (right to erasure)
  • Extensive deletion without manual tasks for employees
  • Create rules and templates for data search and deletion, with the possibility to customize them completely

Here is a glimpse of our app. As you can see, you’re able to set up and activate or deactivate individual templates for data cleaning processes. By doing so, Jira tickets can, for example, be cleaned of personal data.

Tools like our app GDPR (DSGVO) and Security for Jira can also be used for other use cases:

  • informing users about changes in data regulations and asking for approval
  • company-wide communication channel for guidelines and changes
  • getting consent for different guidelines, cookies or GDPR regulation
  • processing recurring tasks, for example anonymizing specific data regularly
  • quick and easy communication and documentation
  • and many more

Have you spotted some use cases that you would like to easily enable in your Jira instance? Then test our app GDPR (DSGVO) and Security for Jira for free on Atlassian’s Marketplace.

 

2 comments

Great article. Well written and informative

Great article!

 

It's very well mentioned that Brazil is a country where data privacy is taking shape; the LGPD is already in effect. Our LGPD is based on GDPR, and from 2020 on a need for compliance started for many companies. Happy to work with tools where we can provide our customers with a way of tracking and monitoring leaks and ensuring the privacy of personal data.
