What is GDPR?
If any of your partners, employees or customers are citizens or businesses in the EU, it's time to review your company's compliance strategy. The General Data Protection Regulation (GDPR) is a new European Union privacy standard that mandates the ability for someone to have access to their personally identifying information (PII) and have the ability to change the information or "be forgotten" by requesting the removal of that data. These requirements can make achieving backward compliance standards very difficult. This new privacy law will impact everyone, from C-level executives to new hires, and likely every department, including Human Resources, Information Security, Compliance and more. Regulations surrounding GDPR will affect most organizations, large and small, regardless of whether your business does business directly in the EU.
With the right tools and know-how, companies using Atlassian products like Jira and Confluence can not only achieve forward compliance by the May 25, 2018 deadline but also attain assurance that pre-existing content is compliant as well.
GDPR was designed to strengthen and unify data protection for European Union residents, regardless of where their data is used, processed, or stored. GDPR essentially legislates a lot of common-sense data security ideas, like minimizing the collection of personal data, deleting personal data when no longer necessary, restricting access, and securing data through its entire lifecycle. But compliance violations can have costly consequences, including fines and penalties: your organization can face damaging penalties of 4% of annual global turnover or 20 million euros.
The GDPR Checklist
Praecipio Consulting has over 11 years of expertise in Atlassian products alone. As an Atlassian Platinum Partner, we have full-service solutions ready to go to get your organization's pre-existing Atlassian application data within GDPR compliance quickly and confidently.
Praecipio's Solutions Consultants come armed with the tools to identify, review, and address the content that may not be in compliance throughout your Atlassian stack. We will conduct a thorough scan of your application's existing data, including all version histories. We produce reports that help your teams identify violations, and use that feedback to improve and refine our search algorithms to ensure the highest level of coverage possible.
- Identify: We use tools and techniques developed in-house to locate potentially non-compliant data within Jira, Confluence and other Atlassian applications.
- Review: We then provide a detailed analysis and report of our findings and conduct a thorough review of potential violations with your team.
- Address: Praecipio then incorporates findings from the review into further refinement of identification and generates an execution plan to redact pre-existing content to ensure compliance of your legacy data.
Maintaining Compliance in Confluence with Secure Content 2.0
Once your data is fully reviewed and in compliance, you'll need solutions to keep it that way. After all that effort and expense, you don't want to be one Confluence page edit away from a violation. For Confluence, Praecipio Software offers Secure Content 2.0 to easily secure and limit access to sensitive page content. We use 256-bit encryption to ensure any new content will not expose your organization to penalties in the future.
Your organization can invest considerable time and expense to get your Atlassian data GDPR compliant, but you'll need the tools to keep it that way. Praecipio Software's Secure Content Confluence App, available on the Atlassian Marketplace, gives your team an easy and safe way to store content that is both encrypted and protected by granular-level access control. This means sensitive data is securely encrypted in your database and access is set by the author at the group or even individual level.
Secure Content is designed for robust security and ease of use. Ideal for shared, sensitive content such as passwords, data, reports - anything you need to restrict access to; anything that would likely fall under the 'identify and remove' GDPR regulation requirements.
- Owner Report macro: See all your Secure Content in one place. Drop it on any page and be a click away from all of your Secure Content across the entire Confluence instance for time-saving administration and editing.
- Transferable ownership: Control of Secure Content blocks can be optionally transferred by the Confluence administrator if needed. Or the owner can lock it down to make sure they maintain complete privacy and control, even from Confluence administrators.
- Implicit rendering: Less sensitive but still protected data can be optionally made to render automatically with the rest of the page content but only to Authorized users.
- Access request: Non-Authorized users can request access with a single click, alerting the content owner immediately for action via Confluence notifications.
Custom Compliance Solutions
Praecipio Software's custom development solutions can be engaged as well to address your organization's unique GDPR data security and compliance concerns.