Implications of the GDPR on OneSpan Authentication Server Appliance

The security and privacy requirements related to the processing and storage of personal data regulated in the GDPR impact OneSpan Authentication Server Appliance, its components, and side products.

To comply with the GDPR, OneSpan Authentication Server Appliance, its components, and side products fulfill the following requirements:

Types of personal data in OneSpan Authentication Server

OneSpan Authentication Server stores or processes personal user data in the following locations:

  • User database
  • Audit database
  • Audit log files
  • Diagnostic log files (if tracing is enabled in OneSpan Authentication Server)

The table Personal data in OneSpan Authentication Server (Overview) lists each type of personal data and the locations in OneSpan Authentication Server where it is stored and/or processed.

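Table: Personal data in OneSpan Authentication Server (Overview)

| Personal data | User database | Audit database | Audit log files | Diagnostic log files |
|---|---|---|---|---|
| User ID | ✓ | ✓ | ✓ | ✓ |
| Authenticator serial number | ✓ | ✓ | ✓ | ✓ |
| User name | ✓ | ✓ | ✓ | ✓ |
| Description | ✓ | ✓ | ✓ | ✓ |
| Phone number | ✓ | ✓ | ✓ | ✓ |
| Mobile phone number | ✓ | ✓ | ✓ | ✓ |
| E-mail address | ✓ | ✓ | ✓ | ✓ |
| Authentication behavior | ✓ | ✓ | ✓ | ✓ |
| Computer name (Digipass Authentication for Windows Logon) | ✓ | ✓ | ✓ | ✓ |
| IP address | | ✓ | ✓ | ✓ |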

Personal data in the OneSpan Authentication Server Appliance Configuration Tool

Access to the OneSpan Authentication Server Appliance Configuration Tool and personal data stored in the tool is regulated via two OneSpan Authentication Server user privileges:

  • View Audit Information. This privilege grants access to the Configuration Tool Audit Viewer.
  • Appliance Administration. This privilege gives full administrative access.

The Configuration Tool also has a default sysadmin user with full access. We recommend not sharing this account, because a shared account makes it more difficult or even impossible to identify which user accessed OneSpan Authentication Server Appliance. The sysadmin user can be disabled.