How to Anonymize User Data in Confluence to Comply with GDPR’s “Right to be Forgotten”

One of the biggest challenges many Jira and Confluence admins face is complying with GDPR’s Right to be Forgotten. Jira users leave a lot of footprints when they create, comment, and vote on issues—and it isn’t easy to erase them without losing valuable information. That’s why we developed two Apps called User Anonymizer for Jira and User Anonymizer for Confluence.

Not long ago, we talked about the importance of complying with GDPR in Jira, as well as how to meet GDPR’s all-important “Right to be Forgotten” requirement using our new User Anonymizer for Jira app.

A lot has changed since then. We released our first User Anonymizer app. We’re getting ready to release a new one for Confluence. And—oh, by the way—GDPR is now in full effect!

If you’re reading this blog post, you’re probably still working through compliance issues. Don’t worry. It’s not too late to get started. And with resources like the User Anonymizer for Confluence app, it’s surprisingly easy to achieve compliance with GDPR’s Right to be Forgotten.

What is GDPR?

For consumers, GDPR might seem like all those pesky new privacy policy emails they’ve been bombarded with lately. For businesses, though, it’s a lot more complicated.

The General Data Protection Regulation (GDPR) is a recent EU regulation promoting the individual’s right to protect their personal data.

In a nutshell, GDPR recognizes the right of consumers to protect their personal data. This means that businesses must make it easy for their users to understand what kind of information they collect and what they use it for.

A critical component of GDPR is the Right to be Forgotten (also called the Right to Rectification and Erasure). Under GDPR, consumers have the right, at any time, to revoke a business’ use of their personal data. Personal data includes anything related to an individual’s personal information: name, ID, email, demographics, psychographics, and so on.

In short, businesses must be prepared to delete a user’s personal data upon request.

What Does GDPR Mean for Confluence?

How is this related to Confluence, you might ask? After all, the platform mainly deals with internal company affairs.

Well, GDPR also applies to your employees. If they ask for their personal data to be deleted, you are legally required to comply. If you don’t, your company faces some hefty fines: €20 million or up to 4% of annual global revenue, whichever is higher.

As a Confluence administrator, you need to be prepared to…

Provide Information. You should be ready to provide information to any Confluence user about what personal data you have, as well as how you use it.

Provide DataYour employees have the right to access their personal data. This means any post they created, commented on, liked, and so on. You’ll have to scour all the information throughout Confluence, make a copy, and hand it over to any employee that asks for it.

Delete or Anonymize Information. Individuals have the right to revoke the use of their personal data at any time. For starters, this means deleting their profiles and personal spaces. But it goes much further. Your users leave a lot of footprints whenever they create, edit, comment on, or like content. Plus, there is the less obvious personal data stored in macros, activity histories, and watch lists.

Finding and redacting all of this personal data can be extremely time-consuming and complicated. Doing this for a single employee is hard enough—now imagine if you get more than a handful of requests.

One Step Closer to GDPR Compliance in Confluence

To make your life as a Confluence administrator easier, we created the User Anonymizer for Confluence app. This gives you a simple, yet powerful tool for instantly anonymizing all personal data across the platform for one employee or many.

Banner User Anonymizer for Confluence

With the User Anonymizer app, you don’t have to manually search through Confluence, tracking down each and every post or action they’ve taken. All you do is enter the user’s name in the Anonymizer and select a new anonymous name (e.g., “John Doe”) you’d like to use in its place. The app takes care of all the rest, searching wide and deep for every appearance of the user’s personal data and replacing it with the new name.

Easy Anonymization in Confluence - User Anonymizer for Confluence

Only need to anonymize user data for specific spaces? No problem. We’ve got that covered too. The User Anonymizer allows you to apply anonymization to as few or as many spaces as you need to, based on your users’ requests or business needs.

Use CQL to Filter - Anonymizer for Confluence

Getting Started with User Anonymizer for Confluence

GDPR went into effect on May 25, 2018. And the first of many lawsuits followed just hours later.

Unless you have a DeLorean handy to jump back in time and avoid the whole compliance thing, you can’t afford to wait any longer to address GDPR.

But worry not, we’ve got you covered! User Anonymizer for Confluence gives you an easy solution for addressing GDPR’s critical Right to be Forgotten.

Sign up for your free 30-day trial today—and make GDPR compliance a thing of the past.

June 29, 2018

Leave a reply