Last updated Apr 3, 2020

Privacy & Consent: Onboarding

Overview

This documentation is designed to prepare vendors for storing user personal data for integrations. APIs must comply with the GDPR when handling users' personal data. This includes providing access, modification and erasure of personal data.

GDPR

GDPR is a European Union law enacted on 25 May 2018 that requires companies to protect the data and privacy of all European residents. The seven key principles are:

  • Lawfulness, fairness, and transparency
  • Purpose limitation
  • Data minimization
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality (security)
  • Accountability

Why GDPR compliance is so important

Atlassian is committed to compliance with the General Data Protection Regulation (GDPR). The regulation contains the most significant changes to European data privacy legislation in the last 20 years. It is designed to give EU citizens more control over their data and seeks to unify a number of existing privacy and security laws under one comprehensive law.

Because Atlassian provides access to a user's personal data, when a user makes a request to Atlassian to be forgotten, it is Atlassian's responsibility to pass that request along to third-party applications storing the data so that the applications can also respect the user's request.

Personal data (PD) is any information that relates to an identified or identifiable living individual. Different pieces of information that, collected together, can lead to the identification of a particular person also constitute personal data, such as these fields: email, avatar, username, full name, and bio.

If your API stores any personal data, you'll need to read through this page to understand the requirements we've set out for you to be in compliance with our policies and practices regarding GDPR and users' right to be forgotten.

GDPR Requirements

GDPR itself contains several features each system must support:

  • Right to erasure (also known as Right to be Forgotten): If an API stores the personal data for a user and the user requests that their data be erased, the API must erase the data.
  • Right to rectification: If an API stores the personal data for a user and the user changes their data, the API must either erase or update the data.
  • Right to be informed: You must inform users if you collect and use their personal data.

Onboarding for Marketing Systems

To comply with the GDPR requirements, APIs need to integrate with the ConsentHub API.
