How to Anonymize User Data in Jira to Comply with GDPR’s “Right to be Forgotten”

One of the biggest challenges many Jira and Confluence admins face is complying with GDPR’s Right to be Forgotten. Jira users leave a lot of footprints when they create, comment, and vote on issues—and it isn’t easy to erase them without losing valuable information. That’s why we developed two Apps called User Anonymizer for Jira and User Anonymizer for Confluence.

Do you ever feel like you may have driven a DeLorean into work?

It’s like that feeling you get when there’s a major change to EU regulations, and you’re given two full years to get ready. Then you drive into work one morning and realize that enforcement is just one month away.

Yeah, that feeling.

Don’t worry. There’s nothing wrong with your car. GDPR enforcement snuck up on a lot of Jira and Confluence administrators.

If you’re looking to get up to speed (pun intended) on GDPR and how it affects your organization, you’ve come to the right place.

In this article, we cover the key elements of the new regulations and introduce you to a new app that makes it easy to meet GDPR’s all-important Right to be Forgotten requirement.

Let’s get started.

What Is GDPR?

The General Data Protection Regulation (GDPR) is a new privacy law focused on ensuring that individuals understand and consent to the data that companies collect about them. Designed to replace the 1995 Data Protection Directive, GDPR was approved by the EU parliament in April of 2016, with an enforcement date of 25 May 2018.

The objective of GDPR is to recognize the rights of consumers to protect their personal data. “Personal Data” is defined as any information relating to a person who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, online identifier, or other factors specific to physical, physiological, mental, economic, cultural or social identity.

The Five Key Components of GDPR

1) The right of information. Consumers have a right to know what personal data is stored and processed in your systems. As a Jira or Confluence administrator, you need to be prepared to respond to these requests and tell consumers what personal information you have and what it’s being used for.

2) Right to rectification and erasure. This is also known as “The Right to be Forgotten.” This covers everything from those photos you wish your friend hadn’t posted to Facebook, to the personal data that your previous employer has for you. Users have a right to ask for this information to be deleted, which means that you need a mechanism for effectively scrubbing personal data from your Jira and Confluence systems.

3) Restriction of processing. All processing of personal data needs to be for an explicit and clearly defined purpose. Your organization should have policies stating how it collects and uses personal data. Information collected for one purpose (e.g., travel preferences) shouldn’t be used for another purpose (e.g., HR decision making).

4) Right to data portability. Consumers have a right to request all personal data that businesses have stored on them. As an administrator, you must be prepared to provide all stored information in an electronically readable form.

5) Prohibition on automated individual decision-making and profiling. GDPR introduces new controls around the automated processing of personal data in order to predict individual outcomes (profiling), as well as the use of algorithms to make decisions that significantly impact individuals (automated decision-making). The nuances of these controls are beyond the scope of this article, but you can learn more here.

There are a lot of changes with GDPR, but perhaps the biggest one is the penalty for noncompliance. Companies that violate these new personal data protection regulations face fines of up to 4% of global revenue. That’s enough to make even make even the Googles and Facebooks of the world change how they handle consumer data. And it’s why businesses can’t afford to wait any longer to comply with the new regulations.

So What Does All This Mean for Jira and Confluence Administrators?

That depends. Confluence and Jira are incredibly powerful platforms. You could be using them to collect customer proposals, manage job applications, or even plan business trips. Chances are you’re using personal data in many different ways, and you’ll need to ensure that your policies, procedures, and systems are in compliance with GDPR regulations.

One of the biggest challenges you’ll face is complying with the new Right to be Forgotten. Your users leave a lot of footprints, whenever they create, edit, like comment, or vote on a page or issue. With GDPR, you need to be prepared to erase these footprints upon request.

This is a lot easier said than done.

Out of the box, Jira and Confluence don’t offer the ability to anonymize users. That means you’d have to go through your systems and find every page, comment, mention, etc., for a particular user and delete that content. This would be very time consuming, plus you would likely need to delete valuable pages and issues that your organization still needs.

Fortunately, there’s an easier way.

Icon User Anonymizer for Confluence and Jira

The Easy Way to Anonymize User Data in Jira and Confluence

The all-new User Anonymizer for Jira app makes it easy to comply with GDPR’s Right to be Forgotten.

The only solution for anonymizing data across Jira, this app gives you the power to search issues, comments, custom fields, and more, to find every instance a user appears and then—with just the click of a button—instantly anonymize them using whatever name you choose (e.g., “John Doe”). This allows you to keep the issues and information your organization needs—and easily remove sensitive personal data that it doesn’t.

Anonymize user date across Jira with User Anonymizer for Jira
With just a click of the button, you’re able to instantly find and anonymize sensitive user data across Jira.

The app gives you plenty of flexibility to customize user anonymization based on your organization’s needs and policies. Powerful JQL queries enable you to selectively apply anonymization to specific issue types, projects, groups, timeframes, and other parameters. A Sandbox Mode is included so that you can safely check your configuration before permanently anonymizing user data.

Sandbox Mode lets you safely preview anonymization settings
You’re easily able to customize anonymization with JQL.

Take It for a Test Drive Today

With User Anonymizer for Jira, the road to GDPR compliance is a lot easier. Now you’re able to easily anonymize user data to comply with the new Right to be Forgotten and avoid the costly penalties for noncompliance.

We also developed User Anonymizer for Confluence. Don’t worry, you won’t need to hop into a DeLorean to learn more. Simply sign up here to receive the latest news, product information, and exclusive offers for this app.

May 18, 2018

Leave a reply