The Swarmit event about Atlassian cloud challenges & Swiss data protection laws took place on October 25 in Zurich. The event dealt intensively with key topics such as the challenges in the Atlassian Cloud, data protection regulations and FINMA requirements.
The programme offered attendees talks and discussions, including insights on data protection from Gabriela Tsekova of PwC. Our goal was to involve participants in these significant conversations and help them develop tailored adaptation strategies.
Is my data protected? Are my organization and I data-secure? Can I, and can my data, be that in the Atlassian Cloud, or perhaps especially there?
There is (unfortunately) no easy answer to these questions. That became clear, without any exaggeration, at the very well attended Swarmit event last week. However, I was able to take away some very important points that also help me in the ongoing task of protecting the data of my organization and of my customers.
Atlassian's security architecture provides an important foundation, and certifications such as ISO/IEC 27001 and SOC 2 demonstrate basic compliance with the requirements of the BDSG and the GDPR. The certificates and guidelines are easy to find, as is the clear call, and the need, to participate.
Management can and must establish compliance guidelines and put them on a reliable contractual basis. However, signing the “Data Processing Addendum” or issuing an internal guideline is not enough. In day-to-day work, awareness must be raised so that structured, sensitive data in particular is handled carefully.
Atlassian is very transparent about encryption in transit and at rest, as well as about the processes governing data access in support cases. As customers and consultants, however, we have the responsibility to keep an eye on the entire ecosystem, to scrutinize the providers of plug-ins and extensions, and to make them subject to (contractual) obligations.
Our task is to prepare the organizational, technical and regulatory framework within which we can deal with this. For example, a technically possible “right to be forgotten” must also be applied in practice, and colleagues' birthdays have no place in the cloud, even if the gesture is well meant. Together with Atlassian, there is a good technical and regulatory basis.
It is important that data breaches and security gaps are dealt with quickly and reliably and that information about them is communicated. Don't be afraid to report, whether internally within the organization or externally to authorities and institutions with legitimate interests.
Last but not least comes informing those affected, whose interests are at the core of the protection claim and whose data we store, manage and keep secure, whether on a server or, as has become clear here as a good option, in the cloud.