Atlassian Blog

Atlassian and GDPR – Our commitment to data privacy

Atlassian is committed to compliance with the General Data Protection Regulation (GDPR), which will go into effect May 25, 2018. The regulation contains the most significant changes to European data privacy legislation in the last 20 years. It is designed to give EU citizens more control over their data and seeks to unify a number of existing privacy and security laws under one comprehensive law.

Our customers can trust that Atlassian has made GDPR a priority and has devoted significant and strategic resources toward our efforts to comply with GDPR. This post outlines our approach and progress to date.

What Atlassian is doing

Like many other global software companies, Atlassian is in the process of rolling out its company-wide GDPR compliance strategy leading up to May 2018 and beyond. Atlassian appreciates that our customers have requirements under GDPR that are directly impacted by their use of Atlassian products and services, and Atlassian is committed to helping our customers fulfill their requirements under GDPR and local law.

Below are a few examples of initiatives Atlassian has committed to in order to satisfy GDPR requirements that apply to both Atlassian and our customers:

GDPR Q&A

Does Atlassian process Personal Data of its customers?

Yes, Atlassian processes customer Personal Data to provide the products and services and for other limited purposes enumerated in our Privacy Policy.

Where does Atlassian send my data?

Our goal is to provide our customers with secure, fast, and reliable services. As a provider of global services, we run our services with common operational practices and features across multiple jurisdictions. Today, Atlassian stores data in its AWS data centers located in the US and Ireland. Data is stored based on the data center closest to the location of the majority of users accessing an instance. Atlassian may also allow employees and contractors located in the US, Europe, Australia and the Philippines access to certain data for product development, customer and technical support purposes. We disclose in our Privacy Policy that customer data may be hosted in or accessed from these countries.

Can you guarantee that my data will stay in a certain location (e.g., Europe)?

While we prioritize hosting your data in the location closest to your largest user base for performance reasons, some Atlassian service and product features will still require that data be transferred to the US and Australia. In addition, Atlassian personnel may need access to data stored in the EU from a non-EU country (e.g., US, Australia or the Philippines) for technical and support related reasons.

Is Atlassian Privacy Shield certified?

Yes. You can view our Privacy Shield certifications here.

Is Atlassian SOC2 certified?

Yes, we have recently completed SOC2 Type 1 certifications for Bitbucket, Jira Software, Jira Service Desk, Jira Core, and Confluence Cloud. You can learn more here.

More Resources

Atlassian is 100% committed to customers success and the protection of customer data, which is why our customers can count on our commitment to GDPR compliance. For more, please visit Trust @ Atlassian, including: