At Kolide, end-user privacy is a core tenet of our Honest Security vision. Therefore, we strive to make the protections specified in the GDPR available to all of the individuals in-scope for our solution, regardless of their physical location.
What is GDPR?
The GDPR is a comprehensive data protection law that came into effect on May 25, 2018. It replaced existing EU law to strengthen the protection of "personal data" and the rights of individuals. It's a single set of rules which governs the processing and monitoring of EU data.
How Kolide prepared for GDPR
Kolide has gone to great lengths to validate that our service is fully GDPR compliant not just legally, but to also ensure that the spirit of transparency and individual control emblematic in the law is fully realized. In practice, this means building a product that gives end-users unprecedented levels of transparency and control over the data that our service collects, well above the standards set in the rest of the cyber security and device management industries.
How does Kolide engage with customers concerned about GDPR compliance?
When Kolide engages with customers in-scope for the GDPR, Kolide will work with them to build a Data Processing Addendum (DPA) that satisfies GDPR requirements and gives organizations assurances their employee's personal data will be handled responsibility and within the parameters of US and EU data privacy laws.
In addition, Kolide will not engage with sub-processors or other third parties that might potentially handle personal data that do not have the appropriate documentation, tools, and legal attestations surrounding their GDPR compliance
Here are the ways Kolide makes GDPR easy for our customers:
We built a state of the art privacy center
Kolide offers an end-user accessible privacy center that gives employees in-scope for the Kolide service access to key privacy resources. Kolide's privacy center includes lists of Customer administrators with access to the data, and tools to view the data that Kolide collects.
We offer a ready-made Data Processing Addendum (DPA)
Strong data protection commitments are a key part of GDPR's requirements. Our standard data processing agreement shares our privacy commitments and sets out the terms for Kolide and our customers to meet GDPR requirements. This is available for customers to sign upon request.
We adopted the SCCs as our data transfer mechanism
If you are a resident in the European Economic Area, we may transfer your Personal Information to affiliated entities, we make use of the European Commission-approved standard contractual data protection clauses, binding corporate rules, or other appropriate legal mechanisms to safeguard the transfer
We appointed a Data Protection Officer
Kolide has appointed a Data Protection Officer to oversee our entire data privacy and management apparatus. You can contact our Data Protection Officer with any privacy related questions or concerns by emailing email@example.com
We enumerate and vet our sub-processors
We've reviewed all our vendors, researched and documented their GDPR position and ensured they were compatible with our GDPR commitments. You can view this list here.
We externally validate our security
At Kolide, security is a top priority. In addition to the technical controls we employ to keep customer data safe, we have spent considerable time investing in writing and adopting security and compliance frameworks and access control policies that ensure we are in alignment with international compliance standards.
Kolide is proud to announce we have validated this externally through the recent completion of our SOC 2 audit.
If you have any questions about GDPR or Privacy please reach out to use at firstname.lastname@example.org