On May 25, 2018, the General Data Protection Regulation (GDPR) is fully enforceable across the European Union (EU), creating a higher standard for data protection, privacy, and security for the processing of personal data from the EU. The GDPR applies to the processing of personal data regardless of where that takes place in the world, and impacts any company that handles personal data of EU citizens and others within the EU.
At SolarWinds, GDPR readiness has required companywide changes and updates to policies as well as some product-related changes. The SolarWinds GDPR compliance program has taken over 12 months to audit, build, implement and test. SolarWinds has completed key assessments and updates to satisfy the GDPR requirements and all initiatives have been executed with the goal of providing transparency to data subjects regarding the care with which their personal data is treated.
SolarWinds has looked at every product and implemented processes and procedures designed to meet the obligations outlined in GDPR. SolarWinds is confident the steps taken adequately address the GDPR requirements and provides us the ability to satisfy data subject right requests.
|#||Obligation||Status||Key Compliance Milestones|
|1||Privacy Policies / Legal||✔||Updated policies, contract language, and DPAs|
|2||Data Protection / Security||✔||Updated guidelines; implemented security and access controls; audited vendors, IT systems, and products.|
|3||Data Subject Rights||✔||Developed processes and implemented technology to manage DSR requests.|
|4||Data Management / Mapping||✔||Completed data mapping and inventory of systems that manage personal data, including with implementation of data retention guidelines, data minimization standards, and de-identification methods.|
|5||Awareness / Training||✔||Conducted both enterprise and functional training and implemented additional data controls at the functional level.|
|6||Data Breach Notification||✔||Updated enterprise Security Incident Response Plan and conducted updated annual training to the Incident Response Team.|
SolarWinds products and services meet the principles of privacy by design and default as outlined in Article 25 of the General Data Protection Regulation (GDPR). Adherence to these standards means that our products have appropriate privacy and security features embedded within their design, and SolarWinds has the ability to fully support the data subject rights called out in the GDPR.
You can find more resources on GDPR in the Resource Center for DevOps Technical Professionals and the Resource Center for MSPs.
*The content provided and/or linked into from this page is provided for informational purposes only and should not be relied upon as legal advice or to determine how the EU General Data Protection Regulation (GDPR) may apply to you and your organization. We encourage you to work with a legally qualified professional to discuss GDPR, how it applies to your organization, and how best to ensure compliance. SolarWinds makes no warranty, express or implied, or assumes any legal liability or responsibility for the information contained herein, including the accuracy, completeness, or usefulness of any information.