GDPR and Security for Jira Server | 1.14.*

Compatibility

Jira Server Jira Data center

Versions

This is the documentation for the latest version

The documentation for the previous versions:

https://actonic.atlassian.net/wiki/spaces/GDPR113

https://actonic.atlassian.net/wiki/spaces/GDPR112

Links

Atlassian Marketplace

Support Portal

Any Questions?

FAQ

Known issues

https://actonic.atlassian.net/wiki/spaces/GDPR114/pages/835420180/3rd+party+anonymization+functions.+Java+API

https://actonic.atlassian.net/wiki/spaces/GDPR114/pages/835256365/Performance+improvement+guide

Ask for demo or support

Table of contents:

Introduction to GDPR (DSVGO)

The GDPR seems to be very complicated, but basically, it's very simple. In the EU every citizen has the rights to his full personal data, at every time! He/she has to be informed, when personal data is involved, what exactly it is used for, he/she has the right to make a request for erasing the data (it has to be removed completely) and, that what's very important, he/she can always make a request to the company and has the right to get a written and clearly defined answer where the actual data is involved right now. It is in the responsibility of the company to make that sure.

Read this first, for understanding GDPR 

There are three ways your company can be affected by GDPR Law.

  1.  An employee leaves the company and wants to sue the company, he finds a good lawyer, and they talk about GDPR in Terms of the company.

  2. There are plenty of lawyers that are already looking for a possibility to sue a company for making money. So they write a warning to get money.

  3. A client can reach out to the company, with a request for getting information in relation to his personal data.

Since the 25th May 2018 the law for EU GDPR has been enabled. Now every personal data must be treated very carefully. Every kind of personal data, from your employees, your customers or your suppliers has to be traceable, comprehensible and erasable. Now everyone can make an inquiry to your company about which kind of his or her personal data is used in your company for what purpose. Then they make you erase it. To make sure you fulfill every of the requirements within Jira, we developed a specific GDPR tool, that allows you to be prepared for every scenario you have to face, when needed. It combined the functionality of dozens of individual apps with the ease of visual rule builder, because of our experience with Banks and Insurance Companies. In those cases, we faced a lot of different scenarios, that are decisive for every other company. Check out our functions with an example for a use case.
Why is it important? The regulation has a significant impact on organizations and how they manage data with some potentially very large penalties for violations – 4% of global revenues. GDPR also impacts on storage, processing, access, transfer, and disclosure of an individual’s data records. Who is affected? This regulation is obligatory for any organization (anywhere in the world) that processes the personal data of EU data subjects.

GDPR and Jira

Every user in Jira leaves a lot of personal data, also depending on the use of Jira, there can be a lot of personal data from customers. With our built-in modules, you can be sure that you have full access to these data and you can at every time, you are asked for, provide users with this information. So you can fulfill the law completely. Also, our modules are built for different scenarios that are possible to happen in relation to personal data. Our experience with banks and insurance companies led us to the development of this add-on, with all the modules, because we faced a lot of different scenarios, in which we had to find a way how to handle data without breaking the law.  So our add-on is based on practical experience.

Currently, we have 6 main modules for different GDPR needs:

Policies, Agreements, Notifications & Announcements

Data cleanup and anonymization

Security breach investigation

Policies, Agreements, Notifications & Announcements

Data cleanup and anonymization

Security breach investigation

Very first step - App configuration

It is strictly required to configure the app before first use. Read about app’s configuration and required data App configuration