GDPR (DSGVO) and Security for Confluence

GDPR (DSGVO) Suite, user anonymizer, information announcement, automation with Data Rules and much more

Cloud version in development. For full functionality try Server or Data Center version.


Introduction to GDPR (DSGVO)

The GDPR seems very complicated, but the basic idea is simple. In the EU, every citizen has the right to his or her full personal data at all times. He or she has to be informed when personal data is involved and what exactly it is used for, and has the right to request erasure of the data (it has to be removed completely). Very importantly, he or she can always make a request to the company and has the right to be told, in writing and clearly, where the data is currently being used. It is the company's responsibility to ensure this.




Read this first to understand GDPR

There are three ways your company can be affected by GDPR Law.

  1. An employee leaves the company and wants to sue the company; he finds a good lawyer, and they talk about GDPR in terms of the company
  2. There are plenty of lawyers already looking for a possibility to sue a company to make money. So they write a warning to get money
  3. A client can reach out to the company with a request for information relating to his personal data


The GDPR Law

The EU GDPR has been in force since 25 May 2018. Every piece of personal data must now be treated very carefully. Every kind of personal data, whether from your employees, your customers or your suppliers, has to be traceable, comprehensible and erasable. Anyone can now ask your company which of his or her personal data is used in your company and for what purpose, and can then make you erase it.

To make sure you fulfill every one of the requirements within Jira, we developed a specific GDPR tool that prepares you for every scenario you may have to face. Drawing on our experience with banks and insurance companies, it combines the functionality of dozens of individual apps with the ease of a visual rule builder. In those projects we faced many different scenarios that are decisive for every other company. Check out our functions with an example for a use case.

Why is it important? The regulation has a significant impact on organizations and how they manage data, with some potentially very large penalties for violations: 4% of global revenues. GDPR also affects the storage, processing, access, transfer, and disclosure of an individual's data records.

Who is affected? This regulation is obligatory for any organization (anywhere in the world) that processes the personal data of EU data subjects.

User Anonymizer

Sometimes you will have to anonymize the content of a specific user, perhaps because he or she is leaving the company. We built our tool not only to make this possible but also to cover some other specific use cases.

Use the available options to anonymize the user according to your specification.

For more powerful use of the User Anonymizer, there is a special option named "Trigger anonymizing user event" that lets you start your own custom anonymization functions by listening for this event. Learn more about how to do this in the next article, Handle UserAnonymizationEvent.

Information Announcing

This feature shows users your privacy policy or terms of use and lets them accept it.


Everyone who uses Confluence leaves some of his or her own personal data within the system.

According to the law, he or she has to be informed about what the data is used for and has the right to agree or disagree.

For this purpose, we built an automatic Information Announcing system.

You no longer have to keep track of which of your Confluence users have already agreed.

Also, every new user has to read the Information Announcing before using Confluence.

With our system, you fulfill the law completely and can prove this at any time if you have to show it to a government authority.


Click on the Information announcement


Create your announcement.

You have the following options:

Enabled : by clicking here you enable the announcement

Name : enter the name of the announcement

Type : here you can choose between Optional and Required

Title : enter the title of it

Main Text : put here your main text   


Data Level Agreement

GDPR compliance has to be based on reforming your data management practices and data architecture, and on defining your technology stack or making use of processors that can help you meet the various touch points of the regulation. This feature is a very powerful tool for automating the deletion process.

Rule Name :  Enter the Name of the Rule

Cron expression : enter the schedule on which the rule should run

For example: "0 0 1 * * ?" - every day at 1 AM

             "0 0 12 */7 * ?" - every 7 days at noon

             "0 0 12 1 * ?" - every month on the 1st, at noon

CQL : Advanced searching using CQL

Examples:

  • siteSearch ~ "identity Document"
  • space = HR AND label = cv AND created < now("-4w")

For more information see https://developer.atlassian.com/server/confluence/advanced-searching-using-cql/

Action : you can choose between

  • send a notification via Email
  • add a comment to the page/s
  • delete page
  • set page restrictions; here you have to select the group to which the restrictions apply
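
Before enabling a rule whose action is "delete page", it helps to confirm on which days its cron expression actually fires. The following Python sketch is an added example, not part of the app; it assumes Quartz-style field order (second, minute, hour, day-of-month, month, day-of-week), and its function names are hypothetical. It shows that "*/7" in the day-of-month field restarts on the 1st of every month, and it rejects an expression that is missing a field.

```python
import calendar
from datetime import date

# Assumption: Quartz-style field order, as the "?" in the examples above suggests:
# second minute hour day-of-month month day-of-week [year]
RANGES = {"second": (0, 59), "minute": (0, 59), "hour": (0, 23),
          "day-of-month": (1, 31), "month": (1, 12)}

def expand(field, name):
    """Expand one numeric field (*, ?, n, a-b, a,b, */s, a/s) into sorted values."""
    lo, hi = RANGES[name]
    values = set()
    for part in field.split(","):
        base, slash, step = part.partition("/")
        step = int(step) if slash else 1
        if base in ("*", "?"):
            start, end = lo, hi
        elif "-" in base:
            start, end = (int(x) for x in base.split("-"))
        else:
            start = int(base)
            end = hi if slash else start
        if step < 1 or not lo <= start <= end <= hi:
            raise ValueError(f"{name}: {part!r} is outside {lo}-{hi}")
        values.update(range(start, end + 1, step))
    return sorted(values)

def parse(expr):
    """Split a rule's cron expression and expand its first five fields."""
    parts = expr.split()
    if len(parts) not in (6, 7):
        raise ValueError(f"expected 6 or 7 fields, got {len(parts)}: {expr!r}")
    # day-of-week and the optional year are not interpreted in this sketch
    return {name: expand(parts[i], name) for i, name in enumerate(RANGES)}

def fire_dates(expr, year, month):
    """Calendar dates in one month on which the rule would run."""
    spec = parse(expr)
    if month not in spec["month"]:
        return []
    last_day = calendar.monthrange(year, month)[1]
    return [date(year, month, d) for d in spec["day-of-month"] if d <= last_day]

if __name__ == "__main__":
    for m in (1, 2):  # "every 7 days" restarts on the 1st of each month
        print([d.isoformat() for d in fire_dates("0 0 12 */7 * ?", 2024, m)])
```

The run on 29 January is followed by one on 1 February, so the interval between runs is not always seven days.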

Access Statistics

Overview

  • Track and store all "Page View" events for any user (including anonymous).

  • Provide the ability to filter access statistics by space or by page in a space (who has accessed the page and when).

  • Provide the ability to filter access statistics by user (which pages a user has seen and when).

  • Store statistics for a configurable period (3 months by default).

  • This feature can be activated and deactivated by the Confluence system administrators.

You can select a filter for the results of the permission monitoring. You can choose from User, Space, Page, Date from/to and Sorting by.

Then click on the blue button "Filter" to see the results

Configuration

Configuration is available on "GDPR and Security for Confluence settings" page.

The following options are available:

'Enable Issue access statistics tracking' checkbox lets the user turn this feature on or off. No data is logged while the checkbox is unchecked. All previously collected data is kept.

'Purge Issue access log after X day(s)' lets the user set the period after which the data is cleaned up.

Use cases

Filter access statistics by space or page in space

If you want to filter access statistics by space or by page in a space (who has accessed the page and when), select a value for the 'Space' column and then, if needed, for the 'Page' column.

'User' column becomes unavailable.

The filter results are shown in a table. The columns are date, space, page, user, IP address and access type (from the browser or REST API). The app differentiates between a browser call, made by any browser, and a REST call, made for example by a 3rd party application.

Filter access statistics by user

If you want to filter access statistics by user (which pages the user has seen and when), enter a value for the 'User' column.

'Space' and 'Page' columns become unavailable.

Download CSV file

You can also download the output as a CSV file. To do this, click the 'Export CSV' button and a .csv file will be downloaded to your computer.
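
One way to review an exported file for accesses that deserve a closer look, as an added example that is not part of the app. The header names, the date format, the "anonymous" user name and the sample rows are constructed assumptions; only the column list and the browser/REST distinction come from the text above.

```python
import csv
import io
from collections import defaultdict

# Constructed sample. Header names and date format are assumptions; the columns
# follow the list in the text (date, space, page, user, IP address, access type).
SAMPLE_CSV = """date,space,page,user,ip,access_type
2024-03-04 09:12,HR,CV Anna Example,jdoe,10.0.0.15,BROWSER
2024-03-04 09:13,HR,CV Ben Example,svc-report,10.0.0.99,REST
2024-03-04 09:13,HR,CV Anna Example,svc-report,10.0.0.99,REST
2024-03-04 09:14,HR,Salary Overview,svc-report,10.0.0.99,REST
2024-03-04 10:02,DOC,Admin Guide,jdoe,10.0.0.15,BROWSER
2024-03-05 08:30,HR,CV Ben Example,anonymous,203.0.113.7,BROWSER
"""

def summarize(csv_text, sensitive_spaces, rest_page_limit=2):
    """Return findings for accesses to sensitive spaces worth a manual review."""
    rest_pages = defaultdict(set)  # user -> sensitive pages read through REST
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["space"] not in sensitive_spaces:
            continue
        # Page views without a logged-in user in a space holding personal data
        if row["user"] == "anonymous":
            findings.append(("anonymous-view", row["user"], row["page"], row["ip"]))
        # REST calls come from integrations; collect the distinct pages they read
        if row["access_type"].upper() == "REST":
            rest_pages[row["user"]].add(row["page"])
    for user, pages in sorted(rest_pages.items()):
        if len(pages) > rest_page_limit:
            findings.append(("bulk-rest-read", user, len(pages), None))
    return findings

if __name__ == "__main__":
    for finding in summarize(SAMPLE_CSV, {"HR"}):
        print(finding)
```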

View Permissions

We built different GDPR tools to help the system administrator. In many organizations, multiple projects have the same requirements regarding access rights. Our View Permissions feature saves you from having to look up permissions individually for every project or user across the entire Confluence instance. Once a user has view access permission to a project, you will see it in this tool.

There are several ways to verify whether someone has a certain permission, but the easiest and fastest way to find out whether a user has access to a project is the View Permission tool.

You can filter by User or by Space.

Type in the User or the Space whose permissions you need to see.

Permission Monitoring

This tool provides the ability to get all necessary permission information for all change events, for example user creation, user profile changes, a user being added to a specific Space role, a user being deleted from Space roles, etc.

You can select a filter for the results of the permission monitoring. You can choose from User, Users in Group, Space, Event type, Date from/to and Sorting by.

Profile Visibility

Your company provides user guides and admin guides for different clients. Some users have access to space A, some to space B, and you don't want users to see each other's profiles.

A user profile contains the full name, email and some user activity information (phone and location are optional), and you want to isolate the users of client A from the users of client B within one Confluence instance.

This case calls for custom profile visibility rules.

With this function, any user is able to hide his or her profile from everyone.

Known Issues

1. Information Announcing. While creating or editing an announcement, there might be an error message in browser console similar to the image below:
