GDPR (DSGVO) and Security for Confluence

GDPR (DSGVO) suite: user anonymizer, information announcement, automation with Data Rules, and much more

Introduction to GDPR (DSGVO)

The GDPR seems very complicated, but basically it is very simple. In the EU, every citizen has the right to his or her full personal data at all times. He or she has to be informed when personal data is involved and what exactly it is used for, and has the right to request erasure of the data (it has to be removed completely). Most importantly, he or she can always make a request to the company and has the right to be told, in writing and clearly, where the data is currently involved. It is the company's responsibility to ensure this.




User Anonymizer

Sometimes you will have to anonymize the content of a specific user, perhaps because he or she is leaving the company. We built our tool not only to make this possible; we also implemented some other options for specific use cases.


Use the available options to anonymize the user according to the specification.

Information Announcing

This feature is used to show users your privacy policy or terms of use and to let them accept it.


Everyone who is using Confluence leaves some of his own personal data within the system.

According to the law, he or she has to be informed about what the data is used for and has the right to agree or disagree with that agreement.

For that case, we built an automatic Information Announcing system.

This means you don't have to keep track of which of your Confluence users have already agreed and which have not.

Also, every new user first has to read the Information Announcing before using Confluence.

With our system, you fulfill the law completely and can prove this at any time if you must show it to a government authority.


Click on the Information announcement


Create your announcement.

You have the following options:

Enabled : click here to enable the announcement

Name : enter the name of the announcement

Type : choose between Optional and Required

Title : enter the title of the announcement

Main Text : enter your main text here


Data Level Agreement

GDPR compliance has to be based on reforming your data management practices and data architecture, and on defining your technology stack or making use of processors that can help you meet the terms of the various touch points of the regulation. This is a very powerful tool to automate the deletion process.

Rule Name : enter the name of the rule

Cron expression : enter the schedule on which the rule should be executed

For example:

  • "0 0 1 * * ?" - every day at 1 AM
  • "0 0 12 */7 * ?" - every 7 days at noon
  • "0 0 12 1 * ?" - every month on the 1st, at noon

CQL : Advanced searching using CQL

Examples:

  • siteSearch~"identity Document"
  • space = HR AND label = cv AND created < now("-4W")

For more information, see https://developer.atlassian.com/server/confluence/advanced-searching-using-cql/

Action : you can choose between

  • send a notification via Email
  • add a comment to the page/s
  • delete page
  • set page restrictions (here you have to select the group to which the rule applies)
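
To check when a rule will actually fire before attaching the "delete page" action to it, the following added example (not part of the app or its documentation) expands the cron forms used above, assuming the Quartz-style field order seconds, minutes, hours, day of month, month, day of week. It shows that `*/7` in the day-of-month field restarts on the 1st of every month, so the gap around a month boundary is shorter than seven days.

```python
from datetime import datetime, timedelta

# Field order assumed from the page's examples (Quartz style):
# seconds, minutes, hours, day of month, month, day of week (1 = Sunday).
BOUNDS = [(0, 59), (0, 59), (0, 23), (1, 31), (1, 12), (1, 7)]

def parse_field(field, lo, hi):
    """Expand one field; supports only '*', '?', 'N' and '*/N'."""
    if field in ("*", "?"):
        return set(range(lo, hi + 1))
    if field.startswith("*/"):
        return set(range(lo, hi + 1, int(field[2:])))
    value = int(field)  # raises ValueError on anything else, e.g. "1*"
    if not lo <= value <= hi:
        raise ValueError(f"{value} outside {lo}-{hi}")
    return {value}

def parse_expression(expr):
    parts = expr.split()
    if len(parts) != 6:  # a missing space between fields ends up here
        raise ValueError(f"expected 6 fields, got {len(parts)}: {expr!r}")
    return [parse_field(p, lo, hi) for p, (lo, hi) in zip(parts, BOUNDS)]

def next_runs(expr, start, count, horizon_days=1500):
    """Return the first `count` fire times strictly after `start`."""
    secs, mins, hours, doms, months, dows = parse_expression(expr)
    runs, day = [], start.replace(hour=0, minute=0, second=0, microsecond=0)
    for _ in range(horizon_days):
        quartz_dow = (day.weekday() + 1) % 7 + 1  # Python Monday=0 -> Quartz 2
        if day.day in doms and day.month in months and quartz_dow in dows:
            for h in sorted(hours):
                for m in sorted(mins):
                    for s in sorted(secs):
                        fire = day.replace(hour=h, minute=m, second=s)
                        if fire > start:
                            runs.append(fire)
                            if len(runs) == count:
                                return runs
        day += timedelta(days=1)
    return runs

def day_gaps(runs):
    """Whole days between consecutive fire times."""
    return [(b - a).days for a, b in zip(runs, runs[1:])]

if __name__ == "__main__":
    start = datetime(2024, 1, 20)  # constructed start date
    for expr in ("0 0 1 * * ?", "0 0 12 */7 * ?", "0 0 12 1 * ?"):
        runs = next_runs(expr, start, 4)
        print(expr, [r.isoformat() for r in runs], day_gaps(runs))
```
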

Access Statistics

Overview

  • Track and store all "Page View" events for any user (including anonymous).

  • Provide ability to filter access statistics by space or page in space (who has accessed the page and when).

  • Provide ability to filter access statistics by user (which pages a user has seen and when).

  • Store statistics for a configurable period (by default 3 months).

  • This feature can be activated and deactivated by the Confluence system administrators.

You can select a filter for the results of the permission monitoring. You can choose from User, Space, Page, Date from/to and Sorting by.

Then click on the blue "Filter" button to see the results.

Configuration

Configuration is available on the "GDPR and Security for Confluence settings" page.

The following options are available:

The 'Enable Issue access statistics tracking' checkbox allows the user to turn this feature on or off. No data is logged after the checkbox is unchecked. All previous data is kept.

'Purge Issue access log after X day(s)' allows the user to set the period after which the data is cleaned up.

Use cases

Filter access statistics by space or page in space

If you want to filter access statistics by space or page in space (who has accessed the page and when), select a value for the 'Space' column and then, if needed, for the 'Page' column.

The 'User' column becomes unavailable.

The filter results are shown in a table. The columns are date, space, page, user, IP address and access type (from the browser or REST API). The app differentiates between a browser call, made by any browser, and a REST call, made for example by a 3rd party application.

Filter access statistics by user

If you want to filter access statistics by user (which pages a user has seen and when), enter a value for the 'User' column.

The 'Space' and 'Page' columns become unavailable.

Download CSV file

You can also download the output as a CSV file. To do this, click on the 'Export CSV' button and the .csv file will be downloaded to your computer.

View Permissions

We built different GDPR tools to help the system administrator. In many organizations, multiple projects have the same requirements regarding access rights. Our View Permissions feature saves you from having to look up permissions individually for every project or user across the entire Confluence instance. Once a user has view access permission to a project, you will see it in this tool.

There are several ways to verify whether someone has a certain permission, but the easiest and fastest way to find out whether a user has access to a project is to use the View Permissions tool.

You have the choice to filter by User or by Space.

Type in the User or the Space you need to see the permissions for.

Permission Monitoring

This tool provides the ability to get all necessary permission information for all change events, for example user creation, user profile changes, a user being added to a specific Space role, a user being deleted from Space roles, etc.

You can select a filter for the results of the permission monitoring. You can choose from User, Users in Group, Space, Event type, Date from/to and Sorting by.

Profile Visibility

Suppose your company provides user guides and admin guides for different clients. Some users have access to space A, some to space B, and you don't want to allow users to see each other's profiles.

A user profile contains the full name, email and some user activity information (phone optional, location optional), and you want to isolate the users of client A from the users of client B within one Confluence instance.

This case calls for custom profile visibility rules.

With this function, any user is able to hide his profile from everyone.

Known Issues

1. Information Announcing. While creating or editing an announcement, there might be an error message in browser console similar to the image below: