Complying with GDPR Requests in macOS Security

Jamf Protect Documentation
Solution
Application
Content Type
Technical Documentation
Utilities & Services
ft:locale
en-US

Jamf is committed to complying with the EU General Data Protection Regulation (GDPR) and helping our customers comply with "right of access" and "right to be forgotten" requests related to GDPR. Here we provide information about the remediation process that customers can use in their environments if they receive GDPR-related requests from end users.

Jamf Protect's macOS Security portal stores data in a database for short-term and long-term access. The data storage retention period is set by an administrator and can be modified if necessary.
Note:

Customers who use data forwarding to forward specific data to third-party vendors should review their data forwarding and retention policy in the third-party vendor solution, to ensure that they adhere to GDPR guidelines for privacy.

Accounts and groups may store personal data of Jamf Protect Admins in the Jamf Protect Cloud.

The following features of Jamf Protect's macOS Security portal have the potential to store personal data of the users associated with a computer in the Jamf Protect Cloud.

  • Alerts

  • Computer records

  • Unified log data

  • Custom prevent list objects

  1. Identify and create a list of all of the computers that the requesting customer used in Jamf Protect .
  2. Delete the relevant computer records from the Jamf Protect Cloud database.
  3. Change the retention period of the data hosted in long term storage to be 30 days.

    For information about configuring data retention settings see Configuring Data Retention Settings.

    Important:

    If the request originated from a Jamf Protect Admin user, there may be additional personal data stored in the audit logs. This personal data could include the requestor's name, email address, IP host name, and IP address. Contact Jamf Support if these audit logs need to be truncated.

The relevant computer records in the database are deleted and the information in long term storage will be retained for 30 days and then deleted.

Any requests to delete personal information from the Jamf Security Cloud portal can be submitted by contacting privacy@jamf.com.