So we could delete any older than XX days - typical AUDIT requirements.

And it also becomes quite pertinent with regards to GDPR

Not a GDPR expert (is anyone?) but in what way would that apply to internal employees which are the only people I expect would be logging in to Dynatrace?

The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

1. the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
2. the data subject withdraws consent on which the processing is based according to point (a) of Article 6(1), or point (a) of Article 9(2), and where there is no other legal ground for the processing;
3. the data subject objects to the processing pursuant to Article 21(1) and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2);
4. the personal data have been unlawfully processed;
5. the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;
6. the personal data have been collected in relation to the offer of information society services referred to in Article 8(1).

I'm clear on that but would suspect this is more for a customer -> service provider relationship as opposed to an employee->employer relationship. I would expect an employer has the right to keep records on their employment history. Note that I'm just curious as I've never heard anyone applying GDPR regs to employees. I did find this though so it does seem it cover it to some extent though the details are beyond me: https://www.taylorwessing.com/globaldatahub/article-changes-to-employee-data-management-under-the-gdpr.html

There's the line that employees as data subjects have "the right to be forgotten under certain circumstances" which is quite vague.

Though even in this case first as it's really just a name and probably a company email address and second as there is always the option to delete an account if requested so I'm not sure I would agree that it would be necessary for GDPR compliance but agree it would be nice to have just as a matter of good housekeeping. Again a disclaimer I'm not at all involved in the decisions around this but am just interested.

We have an actual case where we are going to integrate Dynatrace with a companys AD using SAMLv2. In this case, the comapany asked us

a) Why Dynatrace needs to keep a local copy of the user at all

b) If there is a possibility of autodeleting a user.

So their though process is as follows. Employee Alice quits the company. Her user account in the company will follow the normal processed, and be removed from the AD in due time. However the user in Dynatrace will not. And according to them this is not in line with GDPR.

Don't know about SaaS, but you can delete users and groups (also create them) using REST API in Dynatrace Managed. I'm pretty sure Dynatrace has similar API for SaaS, but it's probably not public.

Typically enterprise customers do have an IAM tool, which handles such cases and creates/deletes users in applications. When someone quits a company, the IAM tool is in charge of deactivating and deleting accounts.
I've never seen a tool which would "autodelete" users if they cannot be found anymore in AD/LDAP.

Will this apply to AppMon, and possibly DCRUM in the future as well?

Hi Gerald,

Can you give me an update on the implementation of this feature? We have a customer who is asking the same question and it's very critical for the implementation plan.

Thanks in advance!