Records of processing activities (ROPA, GDPR Article 30)
- Andy Brook [Plugin People]
- 1 Context: who needs to document the records of processing activities?
- 2 Processing Activities
- 2.1 Providing the JEMHC service (processing inbound mail or sending outbound mail)
- 2.2 Providing per-customer telemetry/notifications via Instant Messages and SMS
- 2.3 Providing Support : Help with inbound mail problems
- 2.4 Providing Support : Help with outbound mail problems
- 2.5 System Support: Monitoring System Operation
- 2.6 System Admin: BCC copies of system notifications
- 3 ROPA Grid
Ref: https://www.gdprregister.eu/gdpr/records-of-processing-activities/
Article 30 of the EU General Data Protection Regulation (GDPR) requires organisations to maintain internal records, which contain the information of all personal data processing activities carried out by the organisation. These records help organisations understand what personal data they collect, where it comes from and how that data is being processed.
Context: who needs to document the records of processing activities?
Article 30 GDPR stipulates that all records of processing activities have to be maintained by organisations employing more than 250 employees. Smaller organisations only need to document processing activities that:
are not occasional (e.g., are more than just a one-off occurrence or something you do rarely); or
are likely to result in a risk to the rights and freedoms of individuals (e.g., something that might be intrusive or adversely affect individuals); or
involve special category data or criminal conviction and offence data (as defined by Articles 9 and 10 of the GDPR).
Processing Activities
JEMHC uses secure transport (SSL/TLS) for secure point to point transfers for connections to customer mailservers, Jira instances and 3rd party integrations the customer configures. The Plugin People development/support environments are encrypted at rest.
The following are the key activities The Plugin People perform where we can come into contact with data relating to your instance:
Providing the JEMHC service (processing inbound mail or sending outbound mail)
We provide the JEMHC tools as a Processor service, customers configure it for two core cases: (a) retrieve email from mailboxes they control to create issues in a Jira system they control (b) send data from the Jira system the control through mailboxes they control. JEMHC supports mailservers with secure transport.
The Plugin People Ltd do not use, scan, share or disseminate customer email content other than for the provision of the features available to the customer through JEMHC (eg Auditing retains a copy of inbound and outbound mail - customer can opt out of this functionality at the risk of data-loss in no-processing scenarios).
In failure scenarios, the customer are notified about the problem with a link to the audit mail. In problem scenarios where auditing is opted-out, the problem mail (in full) is attached to avoid data loss. This mail is sent through the customer controlled mailbox to “Forward” recipients the customer configures in JEMHC Profiles.
Providing per-customer telemetry/notifications via Instant Messages and SMS
Customers may configure a variety of telemetry integrations, e.g. Slack/Telegram to communicate current processing, where PII data (email addresses may be shown), SMS to customer entered phone# can also be used for alerting purposes.
Providing Support : Help with inbound mail problems
During the provision of support of JEMHC customer through our support portal we may ask for supporting information that could contain Personally Identifiable Information (PII):
a) Customer may send a mail to one of our support staffs actual email (eg to/cc)
b) Customer may ‘flag’ an inbound message within JEMHC that causes data related it that messages processing to become available to support staff:
the email in raw full TEXT form
the JEMHC processing report for that email
the JEMHC configuration Profile, that may contain email addresses
When providing such mail, it will expose low level data like IP addresses, PII relating to recipients and potential PII from content and/or attachments.
e) Customer may provide Screenshots of live Jira issues or error messages, or on screen log output that may expose a variety of data/PII.
Providing Support : Help with outbound mail problems
During the provision of support of JEMHC customer through our support portal, customer may attach:
a) copies of outbound mail that JEMHC retains as part of auditing, such mail would contain data from the Jira instance as well as PII of the recipient.
b) the JEMHC Auditing Event (Webhook) that is the topic of the support query. Webhooks contain a lot of issue-specific data, comments etc.
System Support: Monitoring System Operation
The Plugin People have named support staff have access to our JEMHC monitoring app from which we can see customer billing contact info, high level Capacity Plan usage, DataPack purchases etc. There is no access to customer configurations, data, or instance issues.
System logging exposes per instance processing traffic, we see customers hitting nominated mail servers with outcomes. These logs are transitory and typically removed every month or two due to finite storage space. JEMHC logs do not output email content deliberately in clear, the subject may be hashed for visual tracking only. Various error conditions and responses from customer mail servers are repeated verbatim in our logs, that will allow us to assist with related support queries.
System Admin: BCC copies of system notifications
The Plugin People have named system admins that receive BCC copies of JEMHC system generated email notifications (an opt-out for this usage is planned ashttps://thepluginpeople.atlassian.net/browse/JEMHC-3790 )
Monthly usage notifications
This to enables to validate those recipients actually get notifications. When noticed, we can inject a message into JEMHC to alert JEMHC admins when recipients they have configured cause non-delivery email responses from receiving mail servers.
Capacity Plan consumption
Sometimes a customers JEMHC Plan Allocations can be used up that results in stoppage of further processing. JEMHC will notify recipients set in JEMHC > Licensing > System Notifications, with an explanation. Billing staff here receive a CC: of such notifications, such that we can reach out pro-actively to offer advice and assistance in getting more capacity, to minimise time that the customer is impacted.
ROPA Grid
Category | Description |
|---|---|
Email Address | A simple email address, may contain personal name “Personal Name” <user@domain.com |
Personal Name | The name of a sender or recipient of an email |
Full Email Data | The raw message/rfc822 email in full. This includes all mail headers (containing IP addresses), all recipients (may contain personal names), content and attachments. |
Jira Issue Content | Data from the related Jira issue, summary, description, comments, recipients, custom fields, attachments. |
JEMHC Configuration | The JEMHC Profile contains all inbound mail processing config that can include email addresses, may contain Personal Name configuration that you have set. |
Logs | Error logs returned from your mailhosts may contain personal names and email addresses that cannot be filtered. |
The following is a grid of processing activities relating to JEMHC:
Data Controller : The Plugin People Ltd
Pure Offices (Suite 34-45),
Hatherley Lane, Cheltenham, Gloucestershire, UK, GL516SH
data-protection-officer@thepluginpeople.com
eu contact: eurep@itgovernance.euArticle 6(1)b - processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
Article 6(1)c - processing is necessary for compliance with a legal obligation to which the controller is subject;
Ref | Business Function | Purpose of Processing | Categories of Data Subjects | Personal Data | Data Accessed By | 3rd Country / International Organisation Transfer | Safeguards | Retention | Technical and Organisational Security Measures | Lawful Basis |
|---|---|---|---|---|---|---|---|---|---|---|
1.0 | App | Reading Email Content and converting to Issues in your Jira | Your customers | Full Email Data | Jira Admins, Participants | NA | 2FA | 30 days | Transport Encryption (first hop), Encryption at rest | Article 6(1)(b) Contract |
1.1 | App | Sending Email Content from your Jira to your Customers | Your customers | Jira Issue Content | Jira Admins, Participants | NA | 2FA | 30days | Transport Encryption (first hop), Encryption at rest | Article 6(1)(b) Contract |
1.2 | App | Sending IM system status Messages to your IM Rooms | JEMHC System | n/a | IM Users | NA | NA | NA | Transport Encryption (first hop) | Article 6(1)(b) Contract |
1.3 | App | Sending IM telemetry to your IM Rooms | Your customers | Email Addresses | IM Users | NA | NA | NA | Transport Encryption (first hop) | Article 6(1)(b) Contract |
1.4 | App | Sending IM system status Messages to our Rooms | JEMHC System | Email Addresses | The Plugin People | NA | NA | 90days | Transport Encryption (first hop), 2FA to access Our Slack Message retention is 90days. | Article 6(1)(b) Contract |
1.5 | App | Auditing of Inbound/Outbound Mail Processing | Your customer Email data | Full Email Data | Jira Admins, Jira Project Admins | NA | NA | 30days | Transport encryption Email content has encryption at rest You can opt out of this retention | Article 6(1)(b) Contract |
1.6 | App | Processing Webhooks from Jira to generate emails | Issue data, Your customers Email data | Jira Issue Content, Email Addresses | Jira Admins, Jira Project Admins | NA | NA | 1 hour | Transport encryption Email content has encryption at rest | Article 6(1)(b) Contract |
1.7 | App | Storing/reusing historic Webhooks for use in custom Template Preview | Issue data, Your customers Email data | Jira Issue Content, Email Addresses | Jira Admins, Jira Project Admins | NA | NA | indefinite | Transport encryption Email content has encryption at rest | Article 6(1)(b) Contract |
1.8 | App | Storing/reusing historic Emails as Test Cases | Your customer Email data | Full Email Data | Jira Admins, Jira Project Admins | NA | NA | indefinite | Transport encryption Email content has encryption at rest | Article 6(1)(b) Contract |
1.9 | App | Exporting Auditing Email / Report | Issue data, Your customers Email data | Jira Issue Content, Email Addresses | Jira Admins, Jira Project Admins | NA | NA | NA | Transport encryption Report content has encryption at rest | Article 6(1)(b) Contract |
2.0 | Support | Retrieving data supplied by you to help with your request | Your customers | Full Email Data, JEMHC Configuration | The Plugin People, Participants | hostingRegion (eg USA) to the UK (where we are based) | NA | Support Issue Close Out for ‘flagged’ emails | Transport Encryption, Encryption at rest, 2FA to access. Email content stays within JEMHC system/db after being flagged, separate 2FA system access required to be able to download. | Article 6(1)(b) Contract |
2.1 | Support | Using data supplied by you to help with your request | Your customers | Full Email Data, JEMHC Configuration | The Plugin People | The UK (where we are based) to our dev site (USA). | NA | Support Issue Close Out for ‘flagged’ emails | Transport Encryption, Encryption at rest, 2FA to access. | Article 6(1)(b) Contract |
2.2 | Support | Sending email derived from your email content to a dead end mailbox (Mailtrap) to help with your request | Your customers | Full Email Data | The Plugin People | NA | NA | Support Issue Close Out for ‘flagged’ emails | Transport Encryption, Encryption at rest, 2FA to access. | Article 6(1)(b) Contract |
2.3 | Support | Excerpts of data supplied may be re-added to the support case for context | Your customers | Full Email Data, Logs, Screenshots | The Plugin People, Participants | The UK (where we are based) to our Jira site (USA). | NA | 3 years | Transport Encryption, Encryption at rest, 2FA to access. | Article 6(1)(b) Contract |
3.0 | Sales | Providing Quotes & Invoices for DataPack/Plan Upgrades through Email (sales@) | Your Company Details, Your Name/Email | Personal Name, Full Email | The ordering party | We send email from the UK to wherever you are. | NA | 7 years | Transport Encryption, Encryption at rest, 2FA to access. | Article 6(1)(c) |
3.1 | Sales | Providing Quotes & Invoices for DataPack/Plan Upgrades through our Jira | Your Company Details, Your Name/Email | Personal Name, Full Email | The ordering party | The UK (where we are based) to our Jira site (USA). | NA | 3 years (Jira)
| Transport Encryption, Encryption at rest, 2FA to access. | Article 6(1)(c) |
3.2 | Sales | Quotes and Invoices tracked and docs archived | Your Company Details, Your Name/Email | Company Address, Personal Name, Full Email | The Plugin People | The UK (where we are based) to our Cloud storage site (USA). | NA | 7 Years | Transport Encryption, Encryption at rest, 2FA to access. | Article 6(1)(c) |
3.3 | Sales | Customer online payments | Your Name/Email | Personal Name, Full Email | The Plugin People | We are notified by email in the UK (where we are based) of your purchase where you are based. | NA | 7 Years | Transport Encryption, Encryption at rest, 2FA to access. | Article 6(1)(c) |
|
|
|
|
|
|
|
|
|
|
|