General Data Protection Regulation (GDPR)
The future of data privacy is now, and it’s going global
The General Data Protection Regulation (GDPR) is an updated European privacy and data protection law that will come into force on May 25, 2018. GDPR re-emphasizes and reinforces existing data protection principles in the European Union (EU). GDPR also adds new rules that are designed to expand legal and privacy rights protections for EU citizens.
As a leader in the application performance monitoring and business intelligence space, AppDynamics understands the value and importance of effectively leveraging data to solve modern business problems. AppDynamics also respects the need to protect data and to comply with data protection rules, especially when it comes to personal data and the rights of individual data subjects.
AppDynamics welcomes GDPR as an important update to the global view on privacy, data protection, and cybersecurity.
Key features of GDPR
Enhanced data subject rights
Consent - Consent must be specific, informed, freely given and an unambiguous indication of the data subject’s consent to the processing. Data subjects can withdraw consent at any time, and withdrawing consent must be as easy as giving it.
Right to erasure - Data subjects have the right to require a data controller to delete personal data where the data controller does not have a legitimate ground to retain the data
Privacy and data impact assessments
Privacy by design and by default
Privacy issues must be considered and addressed at the design phase of products, websites, and other systems that process personal data, and specific privacy-minded functionality must be designed into offerings. Products must be provided to data subjects with the most privacy-favored functionality on by default.
Incident response and breach notification
GDPR requires data controllers to notify the relevant Data Protection Authority or Authorities within 72 hours of a breach affecting personal data, unless the breach is unlikely to result in a risk to the rights and freedoms of natural persons. Data controllers must also notify any impacted data subjects without undue delay when a high risk to their rights and freedoms is likely. Data processors must notify data controllers of a data security breach without undue delay.
Data processor’s liability
Appointment of Data Protection Officer (DPO)
AppDynamics is committed to GDPR readiness
AppDynamics and Cisco are acutely aware of GDPR and its implications both for AppDynamics and for our customers. AppDynamics has established an internal, cross-functional team to manage this important project, with executive sponsorship from both AppDynamics’ Chief Information Security Officer and AppDynamics’ General Counsel. There are many new requirements to work through to achieve compliance readiness by May 25, 2018, and implementation work at AppDynamics remains ongoing.
Here are some highlights of the work that our teams are tracking in key areas as GDPR approaches:
AppDynamics continues to maintain a comprehensive security program and organization that is supported by leadership who are committed to proactively managing privacy and cybersecurity risk
Product Management, Security, Privacy, and Legal team leadership have launched a cross-functional GDPR team charged with reviewing and optimizing processes around the business to ensure AppDynamics is ready to comply, and with developing an engineering road map that incorporates privacy by design
AppDynamics is partnering with its parent company, Cisco, to collaborate on business-focused GDPR-readiness solutions, which include leveraging the leadership of Cisco’s world-class Data Protection, Security and Trust Organization, and Legal teams while sharing what AppDynamics’ in-house subject matter experts are learning and implementing
AppDynamics demonstrates its focus on protecting customer information by maintaining SOC 2 certification
Data review and risk assessment
Ensuring appropriate data transfer mechanisms
The AppDynamics Legal team is working hard to update data transfer agreements where appropriate
AppDynamics’ Privacy and Legal teams are actively monitoring and exploring possible implementation of legally-recognized alternatives to model clauses and data transfer agreements
Accounting for and managing third-party risk
Privacy and security by design/default
AppDynamics regularly reviews, updates and tests its incident response policy, operational program, and relevant training materials with the new GDPR overlay in mind
Additional information on AppDynamics’ privacy practices and program
AppDynamics engages third-party service providers to support the availability and data processing activities of our products and related services.
International data transfers
AppDynamics complies with applicable law when we make international transfers of our customers’ personal data. Where your use of AppDynamics products and services requires us to transfer personal data to a location outside the European Economic Area, we employ the following legally-recognized data transfer mechanisms: the EU-US Privacy Shield, the Swiss-US Privacy Shield, and Standard Contractual Clauses (also commonly referred to as EU Model Clauses).
AppDynamics Privacy Shield certification
AppDynamics is a wholly owned subsidiary of Cisco Systems, Inc. (“Cisco”). Cisco participates in and has certified its compliance with the EU-U.S. Privacy Shield Framework and the Swiss-U.S. Privacy Shield Framework. We are committed to subjecting all personal data received from European Union (“EU”) member countries and Switzerland, respectively, in reliance on each Privacy Shield Framework, to the Framework’s applicable Principles. To learn more about the Privacy Shield Frameworks, and to view our certification, visit the U.S. Department of Commerce’s Privacy Shield List at https://www.privacyshield.gov.
Security program and certification
AppDynamics is committed to providing strong levels of security assurance for our customers, our partners, and our community. Through the development of our cross-functional security program, our employees are working hard to ensure the security of our software products and services and of the systems that we use to operate our company.