Assistance with Data Subject Rights Requests - ForgeRock Identity Cloud
How to respond to data subject rights requests that Customers receive from their end users.
Responding to Data Subject Rights Requests
This article explains how to fulfil data subject rights requests that are submitted by end users of ForgeRock Identity Cloud.
Any privacy requests submitted by end users of ForgeRock Autonomous Access shall be serviced via a separate Customer Advisory available here.
Data Subject Rights
Under global privacy laws, data subjects may have the following rights in respect of their personal data:
-
Deletion
-
Access
-
Removal of consent
-
Transparency of information over how personal data is processed
-
Rectification
-
Restriction
-
Portability
-
Objection to Automated Processing
These rights can be fulfilled in a different manner according to the nature of a Customer’s subscription.
ForgeRock Identity Cloud - Directory Services
Data Subject Right |
Fulfilment/Explanation |
Deletion |
Delete a user’s profile - see Managing Identities. |
Access |
Download a JSON of a user’s profile - see Managed Users. |
Withdrawal of consent |
Delete a user’s profile - see Managing Identities. There is no need to maintain the profile as consent has been withdrawn for processing. |
Transparency |
Users can be presented with applicable terms and conditions, including details on how their personal data is processed - see Accept Terms and Conditions node. |
Rectification |
Edit a user’s profile - see Managing Identities. |
Restriction |
Delete or edit a user’s profile in accordance with the request - see Managing Identities. |
Portability |
Provide a user with a JSON file containing their user profile details - see Managed Users. JSON is a commonly used format that can be ported to and ingested by other providers. |
Objection to Automated Processing |
End users can submit a support request to a Customer objecting to automated processing. As any automated configuration is created by the Customer, this can be answered at the Customer’s discretion. The nature of the Customer’s support offering to its end users is fully configurable. |
ForgeRock Identity Cloud - Google Logs Explorer
Data Subject Right |
Fulfilment/Explanation |
Deletion |
No action required - logs generated by ForgeRock Identity Cloud are deleted automatically every 30 days. |
Access |
Retrieve details of specific logs that cover the end user’s request - see Get audit and debug logs. |
Removal of consent |
No action required - logs generated by ForgeRock Identity Cloud are deleted automatically every 30 days. |
Transparency |
Not applicable - suitable information is contained in the terms and conditions presented to end users - see Accept Terms and Conditions node. |
Rectification |
Not Applicable - logs generated by ForgeRock Identity Cloud cannot be rectified because their content cannot be amended after they are generated. |
Restriction |
Not Applicable - logs generated by ForgeRock Identity Cloud cannot be restricted because the personal data contained in audit & debug logs represents the minimum required for effective log appraisal. |
Portability |
Not Applicable - logs generated by ForgeRock Identity Cloud cannot be ported to any other provider as they are proprietary and specific to ForgeRock products. |
Objection to Automated Processing |
Not Applicable - end users are not subject to a decision based on the processing of personal data by ForgeRock Identity Cloud. |