Since the General Data Protection Regulation (GDPR) came into force in May 2018, uncertainty has persisted in many companies. On the one hand, case law on the GDPR, in particular landmark rulings, is often still lacking; on the other hand, the GDPR demands documentation from companies while leaving its scope and form mostly unspecified.

catworkx decided to implement the GDPR in-house with a collaborative approach based on Jira and Confluence, one that treats data protection as a living process. The data protection management system (DSMS) developed in this way not only maps the documentation structures required by the GDPR, it also enables the greatest possible transparency of responsibilities for data protection in a company.

Overview of details

The requirements

  • DSMS Configuration
  • Jira Core (Atlassian)
  • Teamworkx Issue Picker for Jira (catworkx)
  • Teamworkx Issue Publisher for Jira (catworkx)

Information and registration system

  • Jira Service Management (Atlassian, optional)
  • JSU Suite Utilities for Jira (beecom)
  • Autowatch for Jira (Mohami)

Confluence Space Template (procedure documentation)

  • Confluence (Atlassian)
  • Scroll PDF Exporter for Confluence (K15t, optional)
  • Table Filter and Charts for Confluence (StiltSoft)

The benefit

  • Meaningful mapping of the structures of the GDPR requirements
  • Collaborative approach to data protection
  • Data protection is implemented as a living, ongoing process

Diverging data protection requirements in companies

The European General Data Protection Regulation (GDPR) has been in force since May 2018. One year after its introduction, Stefan Winkel, fully qualified lawyer and data protection consultant at intersoft consulting services AG, assesses the situation as follows: ‘I would say that the implementation or continued implementation of the requirements of the General Data Protection Regulation is still on the agenda of most companies. However, the panic of spring 2018 has largely dissipated, which in most cases has allowed for a more objective approach to the issue. A little composure after the initial excitement is certainly good for everyone involved.’

So there is no need to panic, because the majority of companies have taken the essential and necessary steps. However, it remains to be seen whether the implementation has gone optimally in every area. Some companies viewed the adaptation of business processes to the GDPR as a one-time task that affected only a few employees. In fact, different departments, such as sales or human resources, have to meet diverging data protection requirements. This is one of the reasons why catworkx takes a collaborative approach to implementing the GDPR, one that treats data protection as a living process in which workflows and versioning must be controlled and mapped.

One of the key requirements of the GDPR is accountability as per Art. 5 (2). The controllers in companies must be able to demonstrate compliance with data protection. Further documentation requirements can also be found, for example, in Art. 30 (record of processing activities) and Art. 35 (data protection impact assessment) of the GDPR. This results in three essential areas for the structure of a data protection management system (DSMS):

A record of processing activities

that documents which personal data is collected and processed in certain processing activities in a company.

A reporting system

with a clearly defined process for reporting data breaches.

An information system

that allows data subjects to request which of their data has been stored or to request the deletion of their data.

Furthermore, the DSMS must meet the following requirements:

  • Documentation of the technical and organisational measures (TOM)
  • Documentation of data protection impact assessments (DSFA)

It quickly became clear that the usual forms of documentation could not be used to implement the GDPR at catworkx. For example, it is common practice to create and update the necessary documentation for the GDPR using Office programs. The catworkx approach of understanding data protection as a living process is difficult to reconcile with such an approach.

Building a data protection management system with Jira and Confluence

It was obvious to approach the implementation of process documentation at catworkx with the tools that we use every day: the Atlassian tools Jira and Confluence, enhanced with a few additional modules from the Atlassian ecosystem. What is special about the approach is that the maintenance of the relevant procedures, the technical and organisational measures (TOM) and the data protection impact assessment (DSFA) are mapped in Jira via processes. The accompanying documentation is automatically sorted and stored in Confluence. The use of processes with their easy-to-design individual workflows enables sustainable documentation based on the division of labour, which includes release by the data protection officer (DPO) as needed and promotes annual review and adjustment of procedures and measures.


In detail, the DSMS at catworkx consists of the following Jira process types:

The internal procedure

by which the controller's processing activities are documented.

The order data processing procedure

in which the processing activities of the processor are documented.

The data protection impact assessment

in which the risks for the individual procedures are assessed according to risk, severity of damage and probability of occurrence.

The technical and organisational measures

in which the prescribed measures to ensure the protection and security of the processing of personal data are documented.

The versioning

in which each procedure is subject to a cyclical review – usually once a year – or when an amendment to the GDPR comes into force.

The respective processes in Jira are dynamically and automatically transferred to a previously defined process directory in Confluence and documented there. This is where the Teamworkx Issue Publisher for Jira from catworkx comes into play. The result is a dynamic process directory in Confluence, in which all the individual processes are documented with their respective measures. catworkx's collaborative approach to data protection also becomes clear here, because individual measures are assigned to the respective managers, for example in the human resources department, sales or internal IT. Data protection officer Stefan Winkel notes: ‘For departments with different areas of focus, such as in the operational and administrative areas, there are also different areas of focus in terms of data protection. It is therefore definitely advantageous to assign internal responsibilities accordingly and to build up relevant expertise in the departments. At the same time, it must be possible to keep an eye on the big picture in order to prevent the formation of islands. This can be done well with a process management tool, such as the one used at catworkx, for example.’

Another special feature of the catworkx approach is the versioning of the individual processes and the measures derived from them. Because one thing is clear: for the area of technical and organisational measures, Art. 32 para. 1 lit. d of the GDPR requires a regular review. But the directory of processing activities and other mandatory documentation must also be kept up to date. ‘Consistent management of existing documentation using a process management tool can greatly simplify the management of existing measures,’ explains Stefan Winkel.

Oliver Groht, Co-Founder catworkx

With our GDPR solution, we have consistently used Jira and Confluence in such a way that the two tools provide the greatest added value for the user in a simple way. With our experience, we were able to set up a solution within four weeks that can even hold a candle to large specialised solutions.

Built-in escalation automation

The individual procedures are regularly reviewed to ensure that data protection always remains up to date. In view of the still uncertain legal interpretation of the GDPR, this is an advantage should, for example, changes in the law occur. Another advantage of the catworkx solution is the ability to create dashboards in Jira that can be used to access reports on the status of data protection at any time, possibly with a necessary escalation level.

Implementing the DSMS with Jira and Confluence also adds value to the information system, because requests for information about the processing of personal data or for its deletion can be made via Jira Service Management. The process for providing information is different from the process for reporting a data protection violation. In the latter case, a report must be made to the supervisory authority within 72 hours of becoming aware of the data protection violation, in accordance with Art. 33 of the GDPR. Therefore, the configured workflow in this process ensures escalation automation.

Awareness of data protection is being raised

Stefan Winkel draws a positive balance for the implementation of the GDPR at catworkx: ‘As with most other companies, the implementation of the necessary measures at catworkx was initially carried out by a few people. However, the ongoing operation of data protection concepts is handled differently from company to company. At catworkx, the decision was made to involve employees extensively in maintaining the data protection concept. In this way, the necessary tasks were distributed across as many shoulders as possible. A positive side effect of this arrangement is that employees also come into contact with the topic from time to time, beyond the obligatory data protection training. I think this is basically a very good approach for catworkx.’
This is because the advantage of the data protection management system (DSMS) developed by catworkx lies, on the one hand, in the ready-made structure with which the measures for data protection in companies and authorities are recorded in a clear and comprehensible manner. On the other hand, catworkx DSMS impresses with its collaborative approach, which takes into account the respective responsibilities. And it understands data protection not as a one-time process, but as an ongoing, changeable process that can be well controlled by the versioning function.
