---
title: GDPR Compliance
description: Due to the GDPR regulations, Ping Identity has identified the following critical areas that would assist in implementing a compliant system. The below identifies what personal data is captured, where that data is stored, when it is stored and who can potentially access the data. It is the implementer's responsibility to scrub the personal data as necessary to be considered compliant with GDPR regulations.
component: identity-governance
version: 7.1.2
page_id: identity-governance:admin-guide:chap-gdpr-compliance
canonical_url: https://docs.pingidentity.com/identity-governance/7.1.2/admin-guide/chap-gdpr-compliance.html
section_ids:
  what_personal_data_is_being_stored: What personal data is being stored?
  where_the_personal_data_is_being_stored: Where the personal data is being stored?
  when_is_the_data_being_stored: When is the data being stored?
  who_can_access_the_data: Who can access the data?
---

# GDPR Compliance

Due to the GDPR regulations, Ping Identity has identified the following critical areas that would assist in implementing a compliant system. The below identifies what personal data is captured, where that data is stored, when it is stored and who can potentially access the data. It is the implementer's responsibility to scrub the personal data as necessary to be considered compliant with GDPR regulations.

## What personal data is being stored?

Since Ping Identity PingIDM allows the user schema to be customized and linked to outside resources; it is not feasible to identify all the potential Personal Identification Information (PII) that Ping Identity AccessReview can access. It is important to know that any application data that contains PII linked to an PingIDM user is exposed to the Ping Identity AccessReview application. If the attributes that contain sensitive data are set to displayable or certifiable, it is stored at the time of creating the user certification.

Examples: \* User Attributes: **username **givenName **sn **email \* OpenDJ **member\_address **member\_ssn

## Where the personal data is being stored?

* auditactivity

* genericobjects

* genericobjectproperties

## When is the data being stored?

* During the creation of a certification campaign or policy violation

* When a certification campaign or policy violation is acted upon

## Who can access the data?

* Ping Identity AccessReview administrators

* Ping Identity AccessReview certifiers

* PingIDM Admins