Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Deleted user
0 / 0 points
badges earned

Your Points Tracker
  • Global
  • Feed

Badge for your thoughts?

You're enrolled in our new beta rewards program. Join our group to get the inside scoop and share your feedback.

Join group
Give the gift of kudos
You have 0 kudos available to give
Who do you want to recognize?
Why do you want to recognize them?
Great job appreciating your peers!
Check back soon to give more kudos.

Past Kudos Given
No kudos given
You haven't given any kudos yet. Share the love above and you'll see it here.

It's not the same without you

Join the community to find out what other Atlassian users are discussing, debating and creating.

Atlassian Community Hero Image Collage

Why everyone using Jira must be GDPR-compliant


Did you know that penalties up to 4 % of the yearly company turnover are possible in case of GDPR violations? GDPR regulations are currently mainly relevant for companies in the EU, but countries like Brazil are taking steps in the same direction as well. The list of companies that have already been sanctioned includes European big players like AOK (German insurance company), H&M and VfB (German soccer club), which received penalties ranging from several hundred thousand to more than 35 million euros. This came about, among other things, because customer data was stored and used improperly or because there was no deletion concept or rules for using and maintaining personal data.

Where is the connection between GDPR regulations and Jira in companies?

Many companies use Jira as part of their data storage processes for personal data (also called “PII”: personally identifiable information). They consist of: full names, addresses, e-mail addresses, birthdates, telephone numbers, login data, passwords, bank details etc.

  • Customers create tickets, which contain personal data like login data (e.g. in support)
  • Applicants send in applications via Jira issue collector
  • Potential customers send in requests for licenses and fill out company or bank details
  • Relevant data is shared company-wide and maybe even internationally between teams

This proves that personal and sensible data can be part of Jira instances in companies and need underlying GDPR settings for PII handling.

Why you should be GDPR-compliant, especially when using Jira

Personal data is the new oil on today’s markets. Due to personal data business processes in B2B or B2C market can be carried out quickly and accordingly.

For example: Customer John Doe is sending in some of his PII (name, address, credit card number) to a company to purchase their software license.

This is where Jira comes in play: It can be used as a diverse tool for project management, HR, marketing, sales and so on. It stores diverse data, from customers to employees and could contain the most secure personal data like birthdates, telephone numbers or credit card numbers. In most cases personal data is needed for successful business processes, like in the example above. But, major damage is possible in case of data abuse and data spreading as well. Therefore, it’s important to point out that it’s a personal right to get more insight into storage of personal data and to have the right to erasure (Art. 17 GDPR). Therefore, companies using tools like Jira should enable data processing and deletion according to laws.

How does GDPR-compliance in Jira look like and how to achieve it?

Data privacy and GDPR compliance is achieved through data protection officer (DPO) or responsibles and the usage of designated systems, of course with underlying GDPR regulations. Jira offers some useful functions by default, but they are not enough to cover all GDPR needs. A lot has to be done manually and needs monitoring. By using tools that allow checking and editing existing instances and data records, you will be able to set up a GDPR-compliant Jira environment. In the best case: all done automatically, extensively and without errors. Therefore, we definitely recommend using the complete toolkit called GDPR (DSGVO) and Security for Jira from Actonic.

When a GDPR tool is needed in Jira: Scenario 1

Imagine working in an international enterprise, with a dozen of projects, hundreds of employees and thousands if not millions of data elements. If a single customer requests the deletion of his data, employees are responsible to look for tickets related to the customer, to be deleted or anonymized. For some of you this scenario might not be fiction, but reality. This use case does require a tool which is checking issues in Jira automatically and in a time-saving manner, collecting relevant elements and deleting or anonymizing information according to a created rule. The same scenario could take place in case of data deletion from employees or applicants.

When a GDPR tool is needed in Jira: Scenario 2

GDPR is not only concerned with data deletion, but also with announcing GDPR regulations and their approval. So another scenario would be spreading company-relevant information in relation to cookies or regulations for your Jira instance. Maybe you would like to announce new data protection rules for your Jira instance and track, who has accepted it. In case of important changes in those rules you would like to announce them to every user just with one click. Like in scenario 1, you will be in need of a tool that is quickly spreading messages and supports data protection laws in your company.

GDPR (DSGVO) and Security for Jira helps you to achieve GDPR compliance:

  • Get insights into data records, storage period and which data is stored in detail
  • Search for specific data, for example in single projects or tickets
  • Extensive and controlled deletion of personal or sensitive data (right to erasure)
  • Extensive deletion without manual tasks for employees
  • Create rules and templates for data search and deletion, with the possibility to customize them completely

Here is a glimpse of our app. As you can see you’re able to set up and activate/deactivate individual templates for data cleaning processes. By doing so, Jira tickets can be cleaned out of personal data for example.

Tools like our app GDPR (DSGVO) and Security for Jira can also be used for other use cases:

  • informing users about changes in data regulations and asking for approval
  • company-wide communication channel for guidelines and changes
  • getting consent for different guidelines, cookies or GDPR regulation
  • processing recurring tasks, for example anonymizing specific data regularly
  • quick and easy communication and documentation
  • and many more

Have you spotted some use cases that you would like to easily enable in your Jira instance? Then test our app GDPR (DSGVO) and Security for Jira for free on Atlassian’s Marketplace.


1 comment

Great article. Well written and informative


Log in or Sign up to comment
Community showcase
Published in Marketplace Apps & Integrations

New cloud apps roundup - June 2021

Since our last roundup in April, Atlassian's Marketplace Partners have added over 100 new cloud apps to the Atlassian Marketplace to help your teams work more efficiently. Let’s take a quick look a...

487 views 6 12
Read article

Community Events

Connect with like-minded Atlassian users at free events near you!

Find an event

Connect with like-minded Atlassian users at free events near you!

Unfortunately there are no Community Events near you at the moment.

Host an event

You're one step closer to meeting fellow Atlassian users at your local event. Learn more about Community Events

Events near you