veniture Blog

This is how you successfully anonymize personal data within Atlassian

Written by Volker Blum | Aug 10, 2023 12:31:19 PM

Ensuring GDPR-compliant data cleansing on your server

In today's digital realm, safeguarding personal data has become more critical than ever. Particularly when dealing with sensitive information, prioritizing data protection has become a non-negotiable. To ensure user privacy, adhering to the EU's General Data Protection Regulation (GDPR) isn't just a box to tick – it's the compass guiding us toward top-tier data security.

We'll guide you through the simple process of anonymizing personal data in your Atlassian tools, combining security and performance.

Here's what to expect in this post:

  1. 6 Steps to Anonymize Personal Data 
  2. What options for data cleanup do I have as an Atlassian Server customer?
  3. This is how user anonymization can appear in Jira
  4. What does data privacy and cleanup look like in the Cloud?

 

6 Steps to Anonymize Personal Data

Personal data includes sensitive information about identifiable individuals - whether it's names, email addresses, phone numbers, or other confidential details. Failure to keep this data confidential is a violation of GDPR regulations. To prevent data breaches and increase user trust, it's critical to anonymize this data to protect the individuals involved.

We'll show you how to do it in just 6 steps:

1. Identify personal data

The first critical step is to carefully identify all personal data captured and stored in Jira. This includes everything from custom fields to comments and attachments, so no detail is overlooked..

2. Establish clear policies and procedures

Establish clear policies and procedures for securely anonymizing your user data. Make sure they comply with applicable privacy laws and your company's policies.

3. Pseudonymization at ticket creation

A highly effective method of anonymization in Jira is to use pseudonyms instead of real names. For example, users can enter their usernames or randomly generated IDs instead of their real names when creating issues..

4. Removing or anonymizing existing personal information

When personal information is no longer needed, it must be deleted or anonymized. It's also important to remove any references to this data in comments or links.

5. Access control and permissions

Anonymity of personal information depends on the proper definition of access controls and permissions. Limit access to sensitive information to only those who need it.

6. User training

Last but not least, it's important to educate all Jira users about the importance of anonymizing personal data. Make your team aware of best practices and privacy requirements to foster a strong privacy culture.

With this guide, you'll be able to successfully implement GDPR-compliant anonymization of personal data in Jira.

 

What options for data cleanup do I have as an Atlassian Server customer?

You have several options for cleaning up your data. We'll walk you through them and highlight their pros and cons.

Preface: we recommend discussing this with a data protection officer or legal counsel to ensure compliance with GDPR requirements.

 

 

This is how user anonymization can appear in Jira

Regardless of which method you choose, the user name is replaced with an anonymous username. This applies to issue creators, comments, and user profiles alike.

 

What does data privacy and cleanup look like in the Cloud?

When it comes to GDPR compliance in the cloud, Atlassian takes responsibility for the security, availability, and performance of its applications, systems, and environments. At the same time, the customer is responsible for how they use and manage the platforms. Customer responsibilities fall into four areas: users, policies and compliance, third-party applications, and information and data management.

Cloud data and compliance is a broad and important topic. While we can't cover every aspect in this blog post, we wanted to share some thoughts that can help you take a critical step toward compliance.