GDPR に対するアトラシアンの取り組み


アトラシアンは、お客様の成功とデータの保護を何よりも重視しています。この重要な目的を果たす一手段として、アトラシアンでは、お客様とユーザーが GDPR (一般データ保護規則) を理解し、必要な場合は順守する支援をしています。2018 年 5 月 25 日に施行された GDPR は、ヨーロッパのデータプライバシー法制に過去 20 年間で最大の変化をもたらしました。

GDPR には、自己データに対するEU (欧州連合) 加盟国の市民の主導権を強化する目的があり、多数存在する現行のプライバシーセキュリティ関連法を、1 つの包括的な法律に統一することを目指します。GDPR の適用対象は、EU 域内の組織にとどまりません。EU 域内に居住するデータ主体の個人データを企業が処理および保有する場合は、その所在地にかかわらず、すべて GDPR が適用されます。

このページでは、GDPR 順守に対するアトラシアンのアプローチと投資、および GDPR の順守に関するお客様の支援方法について説明します。

GDPR Compliance

We appreciate that our customers have requirements under the GDPR that are directly impacted by their use of Atlassian products and services, which is why we have devoted significant resources toward helping our customers fulfill their requirements under the GDPR and local law.

Below are several GDPR initiatives that have been implemented for our cloud products:

  • We have made significant investments in our security infrastructure and certifications (see security and certifications section).
  • We support appropriate international data transfer mechanisms by maintaining our Privacy Shield certifications, and by executing Standard Contractual Clauses through our updated Data Processing Addendum.
  • We offer data portability and data management tools including:
  • We have made required updates to relevant contractual terms.
  • We have ensured Atlassian staff that access and process Atlassian customer personal data have been trained in handling that data and are bound to maintain the confidentiality and security of that data.
  • We hold any vendors that handle personal data to the same data management, security, and privacy practices and standards to which we hold ourselves.
  • We have committed to carrying out data impact assessments and consulting with EU regulators where appropriate.
Our Security and Certifications

Protecting our customers' information and their user's privacy is extremely important to us. We are entrusted with some of our customer's most valuable data, which is why we have built security into every layer of the Atlassian Cloud architecture. We provide replication, backup, and disaster recovery planning, encryption in transit and at rest, advanced threat detection, and more. Visit the Atlassian Security Practices page to learn more about our approach to security.

Additionally, we have devoted significant resources towards ensuring our cloud products are built and designed in accordance with widely accepted standards and certifications. These standards mirror many of the security and privacy requirements of the GDPR and give our customers a transparent framework by which to measure our software development and data management practices.

We have certified a number of our products for ISO/IEC 27001, ISO/IEC 27002, and ISO/IEC 27018 standards as well as SOC2 Type II certifications. To learn more about our current certifications and commitments for our cloud products, please see the Compliance page on our Atlassian Trust site.

International Data Transfers

We offer customers a robust international data transfer framework as a part our Data Processing Addendum. This addendum ensures that our customers can lawfully transfer personal data to Atlassian Cloud products outside of the European Economic Area by relying on our Privacy Shield certification or the Standard Contractual Clauses. This addendum also contains specific provisions to assist customers in their compliance with the GDPR. To learn more about our Data Processing Addendum and the Standard Contractural Clauses, see our GDPR FAQs.

Atlassian does not access, collect, store, or otherwise process personal data in connection with providing our Server and Data Center products, except in limited cases where such data is provided for incidental support services. As such, many of the the obligations under GDPR that apply to data processors do not apply to Atlassian in the Server or Data Center context. Atlassian does not offer a DPA when you use Atlassian Server or Data Center products, as DPAs are required where Atlassian is acting as a data processor of personal data. For more information about GDPR compliance for our Server and Data Center products, see our Guide to Server and Data Center GDPR Support.

Data Portability and the Right to Be Forgotten

We help you honor your customers' requests to export their data, should you host your customer data on Atlassian products. Atlassian provides robust data portability and data management tools for exporting product and user data. For more information on Atlassian Cloud data export see our import and export documentation.

We also help customers meet obligations under the GDPR right to be forgotten (or right to erasure) clause by making it easy to delete personal data from Atlassian Cloud products.

Atlassian Organization Admins can facilitate the account deletion of their managed users from controls in their admin portal. End users may also request that their personal data be deleted by initiating an account deletion request from their Atlassian account profile page. People who have provided their personal data or had their personal data provided to Atlassian, but do not have Atlassian accounts, may also initiate a request for deletion.

Privacy and Consent

Your privacy is important to us, and so is being transparent about how we collect, use, and share your information. In our Privacy Policy, we share what information we collect, how we use and store that data, and how you can access and control your information.

When you use Atlassian Server and Data Center products, Atlassian provides those products in a downloadable format. Atlassian does not access, collect, store, or otherwise process personal data in connection with providing those downloadable products to Server and Data Center customers, except in limited cases where such data is provided for incidental support services. For more information about how Atlassian handles customer data for our Server and Data Center products, see our Privacy Policy and our Guide to Server and Data Center GDPR Support.