SolarWinds GDPR Statement – Updated May 16, 2018*

On May 25, 2018, the General Data Protection Regulation (GDPR) is fully enforceable across the European Union (EU), creating a higher standard for data protection, privacy, and security for the processing of personal data from the EU. The GDPR applies to the processing of personal data regardless of where that takes place in the world, and impacts any company that handles personal data of EU citizens and others within the EU.

SolarWinds has made information security and data privacy foundational principles of everything we do, and we recognize the importance of passing regulations to advance information security and data privacy for citizens of the EU. We take special pride in our role in helping technical professionals get ready for GDPR and providing resources to support them in providing a more secure environment. We are firmly committed to GDPR compliance across all business units and we provide all updated information in our Privacy Policy, our Cookie Policy, and honor all contact preferences in our email preference center and all Data Subject Requests (DSR) in the links provided.

At SolarWinds, GDPR readiness has required companywide changes and updates to policies as well as some product-related changes. The SolarWinds GDPR compliance program has taken over 12 months to audit, build, implement and test. SolarWinds has completed key assessments and updates to satisfy the GDPR requirements and all initiatives have been executed with the goal of providing transparency to data subjects regarding the care with which their personal data is treated.

SolarWinds has looked at every product and implemented processes and procedures designed to meet the obligations outlined in GDPR. SolarWinds is confident the steps taken adequately address the GDPR requirements and provides us the ability to satisfy data subject right requests.

# Obligation Status Key Compliance Milestones
1 Privacy Policies / Legal Updated policies, contract language, and DPAs
2 Data Protection / Security Updated guidelines; implemented security and access controls; audited vendors, IT systems, and products.
3 Data Subject Rights Developed processes and implemented technology to manage DSR requests.
4 Data Management / Mapping Completed data mapping and inventory of systems that manage personal data, including with implementation of data retention guidelines, data minimization standards, and de-identification methods.
5 Awareness / Training Conducted both enterprise and functional training and implemented additional data controls at the functional level.
6 Data Breach Notification Updated enterprise Security Incident Response Plan and conducted updated annual training to the Incident Response Team.

SolarWinds products and services meet the principles of privacy by design and default as outlined in Article 25 of the General Data Protection Regulation (GDPR). Adherence to these standards means that our products have appropriate privacy and security features embedded within their design, and SolarWinds has the ability to fully support the data subject rights called out in the GDPR.

You can find more resources on GDPR in the Resource Center for DevOps Technical Professionals.

SolarWinds Resources

*The content provided and/or linked into from this page is provided for informational purposes only and should not be relied upon as legal advice or to determine how the EU General Data Protection Regulation (GDPR) may apply to you and your organization. We encourage you to work with a legally qualified professional to discuss GDPR, how it applies to your organization, and how best to ensure compliance. SolarWinds makes no warranty, express or implied, or assumes any legal liability or responsibility for the information contained herein, including the accuracy, completeness, or usefulness of any information.