IBM Sterling Control Center Director and GDPR Compliance

IBM® Sterling Control Center Director encrypts/hashes stored passwords, however does not encrypt log records, user names, names, email addresses, phone numbers. IBM Sterling Control Center Director allows you to view, update, delete user information when needed.

The following topics contain detailed information about how IBM Sterling Control Center Director complies with General Data Protection Regulation (GDPR):

IBM Control Center Director offers security and privacy capabilities, including certificate based authentication to monitored Connect:Direct Servers, and technical security capabilities, to support you in meeting the GDPR compliance obligation. For more information see, Certificate-based Authentication.
IBM Control Center Director stores user information in the CC_USERS table of the database. If you have manage permission, you can view, update, and delete user information. To manage users and roles (view, update, and delete) go to Control Center Director Web Console > Users & Roles.
IBM Control Center Director stores audit log information in the AUDIT_LOG and CC_AUDIT_LOG_CHANGE_SET tables of the databases. The audit log information keeps track of what user makes what changes to the system. In the web console, you can navigate through IBM Sterling Control Center > Menu Setting > System Setting > Database > Audit Data Older than days. Any data older than the specified number of days is deleted daily at the specified maintenance time.
If you have the manage permission, you can delete a user account when it is not active. It can be done from Control Center Director Web Console > Users & Roles.
Control Center Director encrypts/hashes stored passwords, however does not encrypt log records, user names, names, email addresses, phone numbers.