Our Web Help Desk is populated from Active Directory with Staff names, ID numbers and email addresses to track calls. This is personal data under EU Data protection regulations - GDPR (Home Page of EU GDPR . I realize that how Web Help Desk is utilized ultimately determines GDPR compliance but is there a document available describing compliance with GDPR in general?
Is there functionality to maintain archive of calls for analysis of calls but to remove personal data when a staff member leaves?
Is there functionality to remove data once its exceeds the data retention period defined for it?
Under GDPR, a data subject can request their personal data in a structured, commonly used and machine readable format, is their a mechanism to extract user details in this manner?
Is there documentation in relation to prevention of data breaches or CyberSecurity in general?
The General Data Protection Regulation (GDPR) applies to companies that manage personal data, not to software products or services. This means that Web Help Desk does not require any GDPR compliance as any database withheld is maintained and managed by yourselves. If the database is managed by a third-party company that you may have gone through, you would need to bring this up with them.
SolarWinds will not have any document available to describe compliance with GDPR. However, for a general document, there are many articles and documents that have been created as a step-by-step guide or as guidelines. I personally recommend the guide you can download here: EU GDPR - A Compliance Guide
You can also find the general GDPR page here: HomePage: EU GDPR
As GDPR doesn't apply to Web Help Desk, it is up to yourself to manage and remove any of your data. (once again, only relevant unless your data is held by a third-party company in which you would request such from them.) There isn't any functionality to remove data after an exceeded retention period of the removal of data when a member of staff leaves, and getting assistance from SolarWinds may be beneficial but may result with no appropriate answer.
You can search and export data from any of the Search features in Web Help Desk, configure the Column Set's that you want to include in the export and forward the export to the user. Note that any tickets you may export would be recommended not to include the Notes section as this can be messy at times and there may be internal notes that you don't want to display to any customers.
There's plenty of information online for data breach and cyber security, I used this guide to give me a better understanding and do the most fundamental and basic requirements: Guide to Developing a Cyber Security and Risk Mitigation Plan
This guide may also deem useful: Data Breach Response Policy Guide
Note that this is my interpretation and may vary across the board, I would still recommend raising a support case with SolarWinds to review what you have requested here.
As mentioned in my query I realize that usage of software determines GDPR compliance, to be totally accurate I should have asked for documentation on facilitating compliance to GDPR. All EU customers will store names and email addresses in Web Help Desk which is personal data so will be interested in what functionality their software provides to comply with GDPR. New EU customers will certainly be looking for a description of how the software will facilitate compliance.
I am not looking for general information on data breaches and Cyber Security. I am looking for information on how security is implemented in Web Help Desk. There is a specific requirement in GDPR which EU customers will have to meet (and indeed any company which supports EU nationals) but the same requirement is there for ensuring that the software you use is secure.
Raise a ticket with SolarWinds Support, they are the best people to inform you of the exact security put into the software.
SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 150,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process. Learn more today by joining now.