General Data Protection Regulation
Atlassian is committed to our customers' success and the protection of their data by ensuring that we comply with the General Data Protection Regulation (GDPR) and all privacy-related regulations. The GDPR is designed to give European Union citizens more control over their data and seeks to unify a number of privacy and security laws under one comprehensive law. The GDPR not only applies to organizations located within the EU, but expands to all companies processing the personal data of data subjects residing in the EU, regardless of the company's location (the so-called extraterritoriality principle). Violations of data processing principles under the GDPR may result in fines of up to 4% of annual worldwide turnover or €20m, whichever is the greater, not to mention reputation and brand damage.
Main elements of the regulation
The intention of the GDPR is to acknowledge the value of personal data and the agency individuals have over their own personal data. Article 5 explains the principles of the legislation:
- Data should be processed lawfully, fairly, and in a transparent manner.
- Data will be collected and used for the purposes you give to the data subject, and not beyond this. (There are some exceptions, in the case of using data for the “common good.”)
- Only collect what you need, and no more. This benefits both the data subject and your organization; there is no sense in being responsible for protecting data you don’t actually need.
- Data should be maintained for accuracy, and when it is no longer accurate or up to date, steps should be taken to rectify this or delete the data.
- Data should be kept in a form that identifies data subjects only for as long as is necessary and discards the data when it’s no longer useful.
- Data should be stored in a way that preserves its integrity and confidentiality.
Companies, or so-called controllers, will be held accountable for adhering to these principles.
GDPR compliance
As a data processor, we are entrusted with some of our customers' most valuable data, which is why we have built security into every layer of the Atlassian Cloud architecture and have adapted all of our product offerings, operations, and contractual commitments to continue to comply with this regulation. The specifics of how personal data is processed, collected, stored, and deleted by product can be found in our recently updated Data Processing Addendum. In addition to our addendum, Atlassian has implemented a number of tools to help our customers remain GDPR compliant:
- Security protocols that are backed by certifications such as ISO/IEC 27001 and SOC 2, which mirror many of the security and privacy requirements of GDPR
- Data portability and management tools that help customers meet the obligation to be forgotten (or right to erasure) clause by making it easy to delete personal data from Atlassian Cloud products:
  - Ability to import and export data
  - Requests to delete information, with specific information on:
    - how admins can facilitate account deletion of their managed users
    - how unmanaged end users may request their personal data be deleted
    - how people who have provided their personal data or had their personal data provided to Atlassian, but do not have Atlassian accounts, may also initiate a request for deletion
- Data residency that allows customers to pin in-scope product content at rest to a location. Planned expansions to our data residency program (including data residency for apps and additional locations) are highlighted in Atlassian’s cloud roadmap
- Data encryption at rest and in transit and plans to build BYOK encryption as highlighted in Atlassian’s cloud roadmap
- Data transfer impact assessments and consulting services with EU regulators where appropriate
- A list of all of our data subprocessors and an RSS feed subscription where you can stay up-to-date on changes
- Commitment to notify customers of any data breaches related to customers and users
To learn more about our approach to security and data privacy please visit the Atlassian Security Practices and Privacy Policy pages.
International Data Transfers
As a company with a global customer base and operations, Atlassian must be able to transfer and access data around the world. We understand and respect the rules for onward transfers of personal data outside of the European Economic Area and UK, and offer customers a robust international data transfer framework as a part of our Data Processing Addendum (DPA). This addendum ensures that our customers can lawfully transfer personal data to Atlassian Cloud products outside of Europe, including the recent updates coming out of the UK. In addition to the addendum, Atlassian is committed to protecting customer data privacy and rights by only responding to law enforcement requests after a comprehensive legal review. Our team publishes an annual Transparency Report with information about government requests for users’ data as well as government requests to remove content or suspend user accounts.
Whenever we share your data with Atlassian service providers, we remain accountable to you for how it is used by any of these organizations. We require all service providers to undergo a thorough diligence process and enter into contracts that ensure our customers' personal data receives adequate protection and safeguards.
To learn more about our data practices, see our Privacy Policy.
Relevant products
- Jira Software: project and issue tracking
- Jira Align: enterprise agile planning
- Jira Service Management: high-velocity ITSM
- Confluence Cloud: document collaboration
- Bitbucket Cloud: Git code management
- Trello: visual collaboration
- Opsgenie: modern incident response
- Statuspage: incident communication
- Halp: help desk service management
Our team is here to help
Have more questions about our compliance program?
Do you have cloud certifications? Can you complete my security & risk questionnaire? Where can I download more information?
Trust & security community
Join the Trust & Security group on the Atlassian Community to hear directly from our Security team and share information, tips, and best practices for using Atlassian products in a secure and reliable way.
Atlassian support
Reach out to one of our highly-trained support engineers to get answers to your questions.