Specops uReset and GDPR compliance
(Last updated on September 26, 2019)
With the introduction of Specops uReset (version 8.1 or later) in the Microsoft EU data center, organizations can now choose which instance of Specops uReset they want to use. Specops uReset is a hybrid password reset solution. The cloud components of Specops uReset can be accessed in data centers in either the EU or the US.
How and where personally identifiable data is processed is a cornerstone of the General Data Protection Regulation (GDPR). The GDPR is a European Union law that protects the data privacy of its residents, and imposes a wide range of requirements on any organization that collects or processes personal data of individuals in the EU. In this scenario, personally identifiable data can include email address, username, mobile number and e-signatures to name a few.
Specops uReset is a hybrid self-service password reset solution that relies on the organization’s Active Directory. The uReset configuration limits data collection and processing when carrying out the intended service. The solution only collects account data (organization name and email address) to activate a trial or customer account. If a user is removed or has their profile information modified in Active Directory, it will be reflected in uReset. This means that in most cases Specops uReset is the data processor.
The data the solution processes can vary depending on how the solution is configured e.g. what authentication factors an organization decides to enforce. For example, if mobile verification is selected as an identify service, the user’s mobile number will be processed by the system. Specops uReset processes user data in the following instances:
- When an end-user (employee at the organization who has signed up for the service) authenticates using the Specops uReset service.
- When an administrator and/or helpdesk staff uses the Specops uReset service to send notifications to users.
- When the customer needs support for their product, and they request remote access or share log files with Specops Software.
The GDPR requirements call for data processing agreements to be in place if data is being processed outside of the EU. With the addition of the EU data center, Specops uReset meets the needs of organizations who prefer to use an EU-based data center.