GDPR Compliance

Kolide is used by many companies who must fully comply with the EU's General Data Protection Regulations (GDPR). To ensure we enable their compliance, Kolide has adopted a privacy policy that is compatible with the GDPR.

At Kolide, end-user privacy is a core tenet of our Honest Security vision. Therefore, we strive to make the protections specified in the GDPR available to all of the individuals in-scope for our solution, regardless of their physical location.

What is GDPR?

The GDPR is a comprehensive data protection law that came into effect on May 25, 2018. It replaced existing EU law to strengthen the protection of "personal data" and the rights of individuals. It's a single set of rules which governs the processing and monitoring of EU data.

How Kolide prepared for GDPR

Kolide has gone to great lengths to validate that our service is fully GDPR compliant not just legally, but to also ensure that the spirit of transparency and individual control emblematic in the law is fully realized. In practice, this means building a product that gives end-users unprecedented levels of transparency and control over the data that our service collects, well above the standards set in the rest of the cyber security and device management industries.

How does Kolide engage with customers concerned about GDPR compliance?

When Kolide engages with customers in-scope for the GDPR, Kolide will work with them to build a Data Protection Addendum (DPA) that satisfies GDPR requirements and gives organizations assurances their employee's personal data will be handled responsibility and within the parameters of US and EU data privacy laws.

In addition, Kolide will not engage with sub-processors or other third parties that might potentially handle personal data that do not have the appropriate documentation, tools, and legal attestations surrounding their GDPR compliance

Here are the ways Kolide makes GDPR easy for our customers:

We built a state of the art privacy center

Kolide offers an end-user accessible privacy center that gives employees in-scope for the Kolide service access to key privacy resources. Kolide's privacy center includes lists of Customer administrators with access to the data, and tools to view the data that Kolide collects.

We offer a ready-made Data Protection Addendum (DPA)

Strong data protection commitments are a key part of GDPR's requirements. Our standard data protection addendum shares our privacy commitments and sets out the terms for Kolide and our customers to meet GDPR requirements. This is available for customers to sign upon request.

We adopted the SCCs as our data transfer mechanism

If you are a resident in the European Economic Area, we may transfer your Personal Information to affiliated entities, we make use of the European Commission-approved standard contractual data protection clauses, binding corporate rules, or other appropriate legal mechanisms to safeguard the transfer

We appointed a Data Protection Officer

Kolide has appointed a Data Protection Officer to oversee our entire data privacy and management apparatus. You can contact our Data Protection Officer with any privacy related questions or concerns by emailing privacy@kolide.co

We enumerate and vet our sub-processors

We've reviewed all our vendors, researched and documented their GDPR position and ensured they were compatible with our GDPR commitments. You can view this list here.

We externally validate our security

At Kolide, security is a top priority. In addition to the technical controls we employ to keep customer data safe, we have spent considerable time investing in writing and adopting security and compliance frameworks and access control policies that ensure we are in alignment with international compliance standards.

Kolide is proud to announce we have validated this externally through the recent completion of our SOC 2 audit.

Questions?

If you have any questions about GDPR or Privacy please reach out to use at privacy@kolide.co