JIRA: Communication of personal data breaches
The GDPR requires data controllers and data processors to notify regulators and, in some cases, individuals in the event of a personal data breach (as defined in the GDPR). Please note, when you store personal data in Atlassian server or data center products, the personal data stays on systems within your own environment. Atlassian does not access, store, or otherwise process the personal data you choose to store within the products and is neither a data controller or processor for that data. For more information regarding security-specific configurations available to you through our products, please see the article on Security of Processing.
In the event that we identify a bug or other vulnerability in our own product or plugins that could lead to a personal data breach on within your environment, we will notify you as soon as possible (including, but not limited to via email or the release of an update). In all cases, we will also work to patch the bug or vulnerability as soon as possible.
There may be limitations based on your product version.
Note, the above-related GDPR workaround has been optimized for the latest version of this product. If you are running on a legacy version of the product, the efficacy of the workaround may be limited. Please consider upgrading to the latest product version to optimize the workarounds available under this article.
Third-party add-ons may store personal data in their own database tables or on the filesystem.
The above article in support of your GDPR compliance efforts applies only to personal data stored within the Atlassian server and data center products. To the extent you have installed third-party add-ons within your server or data center environment, you will need to contact that third-party add-on provider to understand what personal data from your server or data center environment they may access, transfer or otherwise process and how they will support your GDPR compliance efforts.