Here you will learn about the General Data Protection Regulation (GDPR) and where VMware Tanzu Application Service for VMs (TAS for VMs) might store personal data.
GDPR came into effect on May 25, 2018 and affects any company processing the data of EU citizens or residents, even if the company is not EU-based. The GDPR sets forth how companies can handle privacy issues, securely store data, and respond to security breaches.
The GDPR grants data subjects certain rights, such as the right to obtain a copy of their personal data, object to the processing of personal data, and the right to have their personal data erased. Organizations subject to GDPR need to ensure that they can address and respond to requests by data subjects if they are processing their personal data.
Article 4, Section 1 of the GDPR defines personal data as follows:
'personal data' means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
For more information, see the GDPR text.
Personal data can be collected, stored, and processed in a TAS for VMs deployment. VMware has performed a review of TAS for VMs components and determined that personal data may reside in the following areas:
The following sections explain how different TAS for VMs components collect personal data.
UAA is an open-source Cloud Foundry component that provides identity management features and identity-based security for apps and APIs. For more information, see User Account and Authentication.
GDPR | Workflow | What personal data is collected? | When is it collected? | Where is it stored? | How is it processed? | Who has access to it? |
---|---|---|---|---|---|---|
Business Initiation | User registers |
|
User registration submission | UAA DB | Stored in UAA DB |
|
Just-in-time provisioning: create user on user login |
|
User login | UAA DB | Stored in UAA DB | UAA administrators | |
Admin user makes a creation API call |
|
Admin API call | UAA DB | Stored in UAA DB | UAA administrators | |
Business Execution | User self-updates profile |
|
User registration submission | UAA DB | Stored in UAA DB |
|
Just-in-time provisioning: user update |
|
User login | UAA DB | Stored in UAA DB | UAA administrators | |
User logs in |
|
User login | User browser | By UAA |
|
|
Admin user makes an update API call |
|
Admin API call | UAA DB | Stored in UAA DB | UAA administrators | |
Delete User Flow | Admin user makes a hard delete API call | n/a | n/a | n/a | Deleted from UAA DB | UAA administrators |
Admin user makes a deactivation API call | n/a | n/a | n/a | Soft delete (records still held in database but user cannot login) | UAA administrators | |
Reports/Logs | Event or debug logs | Any information | When event happens | UAA logs | Depends on setup of Loggregator and log forwarding | BOSH administrators |
The Cloud Foundry API release contains several components, including the Cloud Controller. For more information, see the Cloud Foundry API release README.
GDPR | Workflow | What personal data is collected? | When is it collected? | Where is it stored? | How is it processed? | Who has access to it? | How long is it kept? |
---|---|---|---|---|---|---|---|
Business Initiation | User makes a request for the first time | User ID | The first time a user makes a request to the API | Cloud Controller DB | It is used to identify permissions for the user | Operations Manager operator | As long as the user is part of the system |
Business Execution | Troubleshooting API requests |
|
On each request |
|
n/a | Operations Manager operator |
|
Audit Trails | Audit what changes a user makes |
|
On specific API requests that mutate the state of resources | Audit Event Table in the Cloud Controller DB | n/a |
|
31 days |
Audit what changes a user makes |
|
On each request |
|
n/a | Operations Manager operator |
|
|
Audit what user created a resource |
|
When API resources are created | As part of the resource row in Cloud Controller DB | n/a |
|
As long as the resource exists |
By default, the Gorouter logs include the X-Forwarded-For
header, which may include the originating client IP. Under GDPR, client IP addresses should be considered personal data.
In TAS for VMs v2.0 and later and Elastic Runtime v1.12, operators can deactivate logging of client IP addresses in the Gorouter.
To deactivate logging of client IP addresses:
Go to the Tanzu Operations Manager Installation Dashboard and click the TAS for VMs or Elastic Runtime tile.
Click Networking.
In Client IP Logging::
Click Save.
Return to the Tanzu Operations Manager Installation Dashboard, click Review Pending Changes, and click Apply Changes to redeploy.
Diego is the container management system for TAS for VMs. For more information, see Diego Components and Architecture.
GDPR | Workflow | What personal data is collected? | When is it collected? | Where is it stored? | How is it processed? | Who has access to it? | How can I delete it? |
---|---|---|---|---|---|---|---|
Business Execution | Executing apps and tasks | No personal data is collected explicitly, but personal data might be encoded in app file contents or runtime metadata such as environment variables or start commands. | Runtime metadata is collected when Cloud Controller submits work specification to the Diego BBS API. File contents are collected when Diego schedules an app or a task on a Diego Cell. | Runtime metadata is stored in the Diego BBS DB. App file contents are cached on Diego Cells. | Runtime metadata is used to start processes inside app instance containers and to configure their environment. App file contents are presented as part of the app instance container filesystem. | Platform operators and other developers with access to the Cloud Controller space containing that app can view the data. |
|
Reports/Logs | SSH proxy logs TAS for VMs user access. | UAA user name and ID | When the user authenticates for SSH access to an app. | The data is stored in a log file collocated with the SSH proxy instance handling the authentication request. This log file can also have its contents forwarded to a remote syslog destination. | No processing of the local log file is done automatically. If the log file contents are forwarded to a log aggregation service, they might be parsed and processed arbitrarily. | Only platform operators have access to the local log file. Platform operators or auditors have access to these log contents in a downstream log aggregation service. | To delete the log lines containing the user ID:
|
The Notifications Service enables operators to configure components of TAS for VMs to send emails to end users. For more information, see Getting Started with the Notifications Service.
GDPR | Workflow | What personal data is collected? | When is it collected? | Where is it stored? | How is it processed? | Who has access to it? |
---|---|---|---|---|---|---|
Business Execution | Sending email to UAA users | User ID | First email sent | The receipts table in the Notifications database |
Stored in the Notifications database | Notifications operator making a database query |
UAA user unsubscribes globally | User ID | When the UAA user unsubscribes | The global_unsubscribes table in the Notifications database |
Stored in the Notifications database | Notifications operator making a database query | |
UAA user unsubscribes from a specific kind of email | User ID | When the UAA user unsubscribes | The unsubscribes table in the Notifications database |
Stored in the Notifications database | Notifications operator making a database query | |
UAA user unsubscribes from a campaign in the v2 API | User ID | When the UAA user unsubscribes | The unsubscribes table in the Notifications database |
Stored in the Notifications database | Notifications operator making a database query | |
Reports/Logs | UAA user unsubscribes | User email address | When the UAA user unsubscribes | Log output | Loggregator | Loggregator Firehose users |