Pricing  Get Quote

GDPR password requirements

A General Data Protection Regulation password policy

What is the GDPR?

The General Data Protection Regulation (GDPR) was enacted by the European Union in April 2016. It was passed as a replacement of an outdated data protection directive from 1995. The GDPR focuses on regulations to properly collect, store, transmit, and handle EU citizens' personal and sensitive data, both inside and outside the EU. Companies handling such sensitive data must ensure compliance with the GDPR.

What are the GDPR password requirements?

The GDPR does not mention any specific requirements concerning password security. However, organizations seeking comprehensive GDPR compliance are encouraged to adopt the following password and authentication best practices:

  1. The minimum password length should be eight characters.
  2. Old passwords must not be repeated.
  3. Passwords should not contain personal information or dictionary words.
  4. Passphrases are recommended for passwords.
  5. Passwords should contain at least one character from each of the five character categories: uppercase, lowercase, numeric, special, and Unicode characters.
  6. Passwords should never be stored in plaintext but should be encrypted using strong encryption algorithms.
  7. Users must be authenticated with MFA techniques.

Make your organization GDPR-compliant with ADSelfService Plus

ADSelfService Plus offers strong password policy and MFA settings that can help your organization comply with the password and authentication best practices listed above. You can create a custom password policy over the built-in AD password policies and enforce it on all AD users or just specific ones based on their domain, OU, or group memberships.

  1. Ban weak passwords: Block leaked or weak AD passwords, patterns, and palindromes.
  2. Set a custom password length: Make longer passwords mandatory by specifying the minimum password length.
  3. Enforce password histories: Ensure strong passwords by prohibiting users from reusing a set number of their previous passwords during resets and changes.
  4. Ensure password complexity: Allow users to use Unicode characters in their passwords in addition to uppercase, lowercase, special, and numeric characters.
  5. Mandate MFA for users: Secure user access to resources by enabling MFA for machines, applications, VPNs, and OWA. Choose from a range of 20 different MFA authenticators to verify users' identities.
  • Password Policy Enforcer
  • MFA

Password policy configuration in ADSelfService Plus for achieving compliance with the GDPR

Configure the minimum password length and the inclusion of alphanumeric characters in passwords.
Restrict users from reusing their previous passwords during password creation.
Choose the minimum number of complexity requirements that your users' passwords should satisfy according to your organization's security needs.


Benefits of using ADSelfService Plus to comply with the GDPR

  • Increased password security: Enforce passphrases and restrict consecutive repeated characters and common character types in passwords. Enable the Password Strength Analyzer to give users instant visual feedback on their password strength when they change or reset their AD passwords.
  • Fine-grain flexibility: Create different password policies for different users accessing different levels of sensitive data depending on the OUs or groups that they belong to in the organization.
  • Advanced MFA techniques: Implement adaptive MFA techniques, like conditional access and customizable trust options, to authenticate users based on their location, IP address, and device type.
  • Compliance with regulations and standards: Ensure that your organization complies not only with GDPR standards but also with NIST SP 800-63B, PCI DSS, CJIS Security Policy, and SOX compliance mandates.

Adhere to GDPR compliance norms with ADSelfService Plus

Get your free trial  

Password self-service

Free Active Directory users from attending lengthy help desk calls by allowing them to self-service their password resets/ account unlock tasks. Hassle-free password change for Active Directory users with ADSelfService Plus ‘Change Password’ console. 

One identity with Single sign-on

Get seamless one-click access to 100+ cloud applications. With enterprise single sign-on, users can access all their cloud applications with their Active Directory credentials. Thanks to ADSelfService Plus! 

Password/Account Expiry Notification

Intimate Active Directory users of their impending password/account expiry by mailing them these password/account expiry notifications.

Password Synchronizer

Synchronize Windows Active Directory user password/account changes across multiple systems, automatically, including Office 365, G Suite, IBM iSeries and more. 

Password Policy Enforcer

Ensure strong user passwords that resist various hacking threats with ADSelfService Plus by enforcing Active Directory users to adhere to compliant passwords via displaying password complexity requirements.

Directory Self-UpdateCorporate Search

Portal that lets Active Directory users update their latest information and a quick search facility to scout for information about peers by using search keys, like contact number, of the personality being searched.

ADSelfService Plus trusted by

Back to Top