Are Ids (issueId, statusId, projectId, clientKey) personal information under GDPR?

Recently there are discussions regarding safety, GDPR etc.

I’m wondering if ids are part of the personal iformation that is under GDPR.

1. If a cloud app, stores issueIds, statusIds, projectIds on backend to minimize number of requests to Jira and speeds up further processing does it count as storing or processing end user data?
2. If a cloud app stores issueIds, statusIds and times when issueId transitioned from one statusId to another statusId to speed up operations of calculation statistics does it count as storing or processing end user data?
3. If a cloud app stores clientKey, issueIds, statusIds and times when issueId transitioned from one statusId to another statusId to speed up operations of calculation statistics does it count as storing or processing end user data?

From one point those are user data (dates of transition), but from the other point those are only numbers, that without access to Jira Cloud instance don’t mean anything. There is no summary, titles, names etc. Just series of chars and digits.

Similarly Atlassian userAccountId means nothing outside of Atlassian system. Storing userAccountId (without any other user data) doesn’t count as storing or processing end user data. Or am I wrong?

Hi @ZbigniewPiecuch!

Given the potential legal & privacy sensitivities regarding interpretation of GDPR legislation, we have to be a bit careful about what sort of guidance we can provide you on this topic. I’ve just followed up with Atlassian’s Trust team to see if we can provide some concrete guidance for you.

cheers,
Tim

Thanks @tpettersen.
I’m aware that at the end it’s my decision and responsibility.
Still, all comments are welcome.