JIRA: Automated individual decision-making, including profiling
Article 22 of the GDPR gives individuals the right to information about the reasoning behind any decision made about the individual based solely on automated processing, which produces legal effects concerning him or her or similarly significantly affects him or her. Automated decision making of this kind is not part of the core functionality of any Atlassian server or data center products. It is theoretically possible to configure our products to produce automated decisions (e.g, by configuring a JIRA workflow), but this is a configuration only the customer would be aware of and therefore solely responsible for explaining to an individual requesting such information.
There may be limitations based on your product version.
Note, the above-related GDPR workaround has been optimized for the latest version of this product. If you are running on a legacy version of the product, the efficacy of the workaround may be limited. Please consider upgrading to the latest product version to optimize the workarounds available under this article.
Third-party add-ons may store personal data in their own database tables or on the filesystem.
The above article in support of your GDPR compliance efforts applies only to personal data stored within the Atlassian server and data center products. To the extent you have installed third-party add-ons within your server or data center environment, you will need to contact that third-party add-on provider to understand what personal data from your server or data center environment they may access, transfer or otherwise process and how they will support your GDPR compliance efforts.