How Top Application Monitoring Vendors are Responding to GDPR
So, GDPR is here and a lot of people are overwhelmed. There has been plenty of time to prepare, but potential fines and regulatory demands are always difficult to deal with. We’ve recently covered how top network monitoring vendors are dealing with GDPR, but it’s important to understand how application performance monitoring (APM) vendors are reacting as well.
Under GDPR, APMs act as data processors. This means that they process personal data on behalf of the data controller (the user). Data processors are required to protect stored personal data, so APM vendors carry a lot of responsibility to maintain reliability.
Because collecting user data is so central to APMs, GDPR is especially important for them. Although clients, rather than the APM, are typically responsible for data collection, customers must understand new best practices for data. Since companies using APMs are collecting customer data for application and behavioral analytics, much of the burden lies on them.
To maintain vendor neutrality, we’ve chosen to use the leading vendors from Gartner’s Application Performance Monitoring Magic Quadrant.
As AppDynamics was recently purchased by Cisco, they have a lot of resources to maintain GDPR compliance. A portion of the privacy center on their website is dedicated to GDPR. AppDynamics has assembled an internal team to manage GDPR, with sponsorship from AppDynamics’ Chief Information Security Officer and their General Counsel.
AppDynamics focuses on their dedication to GDPR. They have been performing privacy impact assessments on customer-facing products to understand what they can do better. Their legal teams have worked to update their data transfer and many other privacy-related agreements.
“AppDynamics is partnering with its parent company, Cisco, to collaborate on business-focused GDPR-readiness solutions, which include leveraging the leadership of Cisco’s world-class Data Protection, Security and Trust Organization, and Legal teams while sharing what AppDynamics’ in-house subject matter experts are learning and implementing”
CA Technologies provides extensive reports and a webcast to help their customers understand GDPR. Since CA Technologies has solutions ranging from security to continuous testing to automation, they have an increased responsibility to maintain GDPR compliance for themselves and their clients. On their blog, they’ve covered GDPR numerous times, including a joke about Y2K.
Considering the breadth of their offerings, their tools to help GDPR compliance are abundant. For example, they have a privileged access manager (PAM) solution to automate access. When it comes to application performance monitoring, data access is important. Using a PAM tool can give your company peace of mind under GDPR.
Another tool they offer to help protect applications is the CA Test Data Manager:
“Test data management (TDM) – the process of providing, distributing and managing test data for development teams – takes on more urgency as the GDPR deadline looms.
Solid TDM practices are key to overcoming compliance hurdles and avoiding huge fines. By using synthetic data, organizations will avoid the pitfalls associated with masking production data.”
Dynatrace released a blog post going into detail about their responsibility under GDPR. They state, “When Dynatrace products capture personal data, it’s typically through the use of Real User Monitoring (RUM), also known as User Experience Monitoring (UEM).”
Dynatrace provides useful tips for updating privacy policies. They also list various ways that Dynatrace products support GDPR compliance. These include the right to be informed, right to erasure, right to restrict processing, right to data portability, right to rectification or objection, and data protection.
Considering the breadth of their blog post, we encourage you to read it here. It’s not only useful for Dynatrace clients; it also provides insights for any company using an APM or other data collection tool.
New Relic does not have official documentation on their site regarding GDPR. In a recent discussion forum post, the director of the online technical community states that there will be documentation soon. I will add more when the information is available.
New Relic did a post about GDPR deletion requests. It is mostly an instructional guide for customers to learn about deleting data.