Ping Identity Reporting

GDPR compliance

Due to GDPR regulations,Ping Identity has identified the following critical areas that support the implementation of a compliant system. The following sections identify what personal data is captured, where that data is stored, when it is stored, and who can potentially access the data. It is the implementer’s responsibility to scrub personal data as necessary to ensure compliance with GDPR regulations.

What personal data is being stored?

As PingIDM allows the user schema to be customized and linked to outside resources, it is not feasible to identify all potential Personal Identification Information (PII) that PingIDR can access. It is important to know that any application data containing PII linked to an IDM user is exposed to the PingIDR application.

Examples: User Attributes:

  • username

  • givenName

  • sn

  • email

Where is personal data stored?

Reports can be exported in XLS or PDF format. Exporting a report is done in memory and leaves no artifacts on the filesystem.

When is the data being stored?

Data is stored when an authorized Identity Reporting user exports a report to XLS or PDF. Exporting a report is done in memory and leaves no artifacts on the filesystem.

Who can access the data?

  • Ping Identity Reporting administrators

  • PingIDM Admins

  • Individuals who received the exported report

  • IT administrators who have access to the filesystem