Specops uReset and GDPR compliance

With the introduction of Specops uReset (version 8.1 or later) in the Microsoft EU data center, organizations can now choose which instance of Specops uReset they want to use. Specops uReset is a hybrid password reset solution. The cloud components of Specops uReset can be accessed in data centers in either the EU or the US.

How and where personally identifiable data is processed is a cornerstone of the General Data Protection Regulation (GDPR). The GDPR is a European Union law that protects the data privacy of its residents, and imposes a wide range of requirements on any organization that collects or processes personal data of individuals in the EU. In this scenario, personally identifiable data can include email address, username, mobile number and e-signatures to name a few.

Specops uReset is a hybrid self-service password reset solution that relies on the organization’s Active Directory.  The uReset configuration limits data collection and processing when carrying out the intended service. The solution only collects account data (organization name and email address) to activate a trial or customer account. If a user is removed or has their profile information modified in Active Directory, it will be reflected in uReset. This means that in most cases Specops uReset is the data processor.

The data the solution processes can vary depending on how the solution is configured e.g. what authentication factors an organization decides to enforce. For example, if mobile verification is selected as an identify service, the user’s mobile number will be processed by the system. Specops uReset processes user data in the following instances:

  • When an end-user (employee at the organization who has signed up for the service) authenticates using the Specops uReset service.
  • When an administrator and/or helpdesk staff uses the Specops uReset service to send notifications to users.
  • When the customer needs support for their product, and they request remote access or share log files with Specops Software.

The GDPR requirements call for data processing agreements to be in place if data is being processed outside of the EU. With the addition of the EU data center, Specops uReset meets the needs of organizations who prefer to use an EU-based data center.

(Last updated on September 26, 2019)

Tags: , ,

Back to Blog

Related Articles

  • GDPR compliance and access control – what you should already be doing

    With less than a year until the EU General Data Protection Regulation (GDPR) takes effect, all organizations collecting or processing data for individuals within the EU are in the midst of developing their compliance strategy. The new regulation will carry an impact well beyond Europe. A recent PwC pulse survey found that over half of…

    Read More
  • How do I create HITRUST compliant password policies?

    The HITRUST CSF clarifies guidelines on security standards for the healthcare industry with specific feature recommendations where the password management system is concerned.

    Read More
  • What breach disclosure requirements mean for your organization

    Following a data breach incident, organizations following compliance standards, such as HIPAA, need to follow certain data breach notification requirements. This post will summarize some of these requirements, as well as regional-specific disclosure responsibilities. For the purposes of this post, a data breach, is an incident “where personal data has been subject to unauthorised access,…

    Read More