Hey everyone, I’m currently working on a product (OAuth 2.0 authorization code grants (3LO) app) that connects to Atlassian and fetches data from Confluence + JIRA and saves it to an external database. The data is just confluence documents and JIRA tickets.
I noticed there is an obligation for third party vendors to follow GDPR guidelines, which are described here.
I don’t collect user specific data, like user names/emails/addresses. However, I do collect Confluence pages and JIRA tickets, which might include personal data.
Given the above information - what should I implement exactly on my end? More specifically, is it enough to allow the users to update + delete their documents? Or should I detect which users/accounts appear in those documents and allow them to update/delete their data?
Moreover, how frequently should I update the data in case it is changed? Should it happen immediately or can I have a job that runs every 3 weeks and updates the data?
Thanks in advance!