GDPR compliance
Due to GDPR regulations, Forgerock has identified the following critical areas that assist in implementing a compliant system. The sections below identify what personal data is captured, where that data is stored when it is stored and who can potentially access the data. It is the implementer’s responsibility to scrub personal data as necessary to be considered compliant with GDPR regulations.
What personal data is being stored?
As ForgeRock IDM allows the user schema to be customized and linked to outside resources, it is not feasible to identify all potential Personal Identification Information (PII) that ForgeRock Identity Reporting can access. It is important to know that any application data that contains PII linked to an IDM user is exposed to the ForgeRock Identity Reporting application.
Examples: User Attributes:
-
username
-
givenName
-
sn
-
email
Where is personal data stored?
Reports can be exported in XLS or PDF format. Exporting a report is done in memory and leaves no artifacts on the filesystem.