Introduction

The GDPR User Pseudonymisation for JIRA add-on is solution that allows to pseudonymise JIRA user data. Pseudonymisation includes JIRA user detail encryption in user profile page, issue information view, all picker fields, mentions and other places where user information can be displayed including Service Desk.

1) So what is pseudonymisation?

The General Data Protection Regulation (GDPR) introduces a new concept in European data protection law – “pseudonymisation” – for a process rendering data neither anonymous nor directly identifying. Pseudonymisation is the separation of data from direct identifiers so that linkage to an identity is not possible without additional information that is held separately. Pseudonymisation, therefore, may significantly reduce the risks associated with data processing, while also maintaining the data’s utility. For this reason, the GDPR creates incentives for controllers to pseudonymise the data that they collect. Although pseudonymous data is not exempt from the Regulation altogether, the GDPR relaxes several requirements on controllers that use the technique.

2) Again, why we need to start pseudonymise our user data?

JIRA user account information may contain personal data and therefore would be subject to GDPR regulations. The application of pseudonymisation to personal data can reduce the risks to the data subjects concerned and help controllers and processors to meet their data-protection obligations. In order to be compliant with regulatory requirements organizations may need to pseudonymise JIRA user account data in order to mask ex-employee or customer personal data.

GDPR User Pseudonymisation for JIRA

Features:

• Ability to choose custom maksed value (pseudonym) for each user;
• Pseudonymises user’s username;
• Pseudonymises user’s First Name and Last Name (full name);
• Pseudonymises user’s email;
• Pseudonymises places where user is mentioned (with @);
• Pseudonymises user data in user picker type fields;
• Automatically removes Pseudonymised user from groups;
• Ability to Pseudonymise active or inactive user;
• Working with MySQL or Oracle database;
• Automatically detects if user is internal (JIRA account) or from external directory (Active Directory account);
• Compatbile with JIRA ServiceDesk;
• Ability to Pseudonymise any string (text) in JIRA issue summary, description or comments.

How to use GDPR User Pseudonymisation for JIRA

1. Installation GDPR User Pseudonymisation for JIRA

You must be a JIRA administrator to carry out further instructions.

Check Version Compatibility – Before you install or upgrade the GDPR User Pseudonymisation add-on, ensure that you using a version of the add-on that is compatible with your JIRA version. Installing this add-on is no different to installing any other JIRA add-on (see Managing app in the JIRA documentation).

To install the GDPR User Pseudonymisation add-on:

1. Click the ‘Administration‘ link on the top bar and choose ‘add-ons’.
2. Click the ‘Find new apps’ link under the ‘Atlassian Marketplace’ section in the left menu.
3. Type ‘GDPR User Pseudonymisation’ in the search field and hit Enter.
4. The GDPR User Pseudonymisation for JIRA add-on will appear. Click the button to install it. A confirmation message and the app details will display if it is installed successfully.

2. Updating GDPR User Pseudonymisation for JIRA

Updating the GDPR User Pseudonymisation for JIRA add-on is also no different to updating any other JIRA app (see Managing app in the JIRA documentation), i.e.

1. Click the ‘Administration’ link on the top bar to open the JIRA administration console.
2. Click the ‘Manage Add-ons’ link under the ‘Add-ons’ section in the left menu. You will see all the apps installed on your JIRA instance.
3. Find GDPR User Pseudonymisation for JIRA in the list.
4. Click the ‘Update’.

3. Using GDPR User Pseudonymisation for JIRA

In order to Pseudonymise user go to JIRA Administrative > Add-ons > Pseudonymise user.

Next you need to select a user which you want to Pseudonymise and new masked values.

• Select new username;
• Select new first name;
• Select new last name;
• Select new email.

After all information is added, press the green button and proceed to pseudonymisation. The confirmation tab will appear where you can confirm if all the data which you added are correct. You cannot undo the process after you have pressed Accept change. There is no way to un-done the process because changes will be made in the database.

In order to Pseudonymise any string go to JIRA Administrative > Add-ons > Pseudonymise string.

Next you need to select a string which you want to Pseudonymise and new string values.

In our example we will Pseudonymise “555-555-5555” into the text “Number”.

4. Removing GDPR User Pseudonymisation for JIRA

In case you are facing any problems with the configuration, miss a feature or need more information about GDPR User Pseudonymisation for JIRA, contact us at any time via our Service Desk!

In order to remove plugin from your JIRA instance:

1. Login as JIRA Administrator.
2. Click the cog icon on the top bar to open the JIRA administration console.
3. Via ‘Add-ons‘ > ‘Manage Add-ons’  tab in the left menu, you will see all apps installed on your JIRA instance.
4. Click the GDPR User Pseudonymisation for JIRA Add-on. The details for the GDPR User Pseudonymisation for JIRA Add-on will display.
5. Click the ‘Uninstall’ button. The information summary will display an ‘Uninstalling‘ message and the app will be uninstalled from JIRA.

5. Exceptions

Add-on is not working or may work as not as expected in following cases:

• In case user data comes from Active directory, LDAP or any third party HR customization;
• With any third party add-on which adds custom information to user which is not default user details;
• If you are using any other database type except MySQL or Oracle;
• If you are using JIRA on cloud.

6. Release notes

Version 1.1.2.

• Initial release.

7. Liability terms

The GDPR User Pseudonymisation for JIRA add-on is provided “as is,” and we expressly disclaim any and all warranties and representations of any kind, including any warranty of non-infringement, title, fitness for a particular purpose, functionality, or merchantability, whether express, implied, or statutory.

We shall not be liable for any loss of use, lost or inaccurate data, failure of security mechanisms, interruption of business, costs of delay or any indirect, special, incidental, reliance or consequential damages of any kind (including lost profits).

By downloading and using our GDPR User Pseudonymisation for JIRA add-on. You agree to accept our terms and conditions as binding ones.