Solved: Re: Dynatrace Support and GDPR Compliance

STiAT · ‎13 May 2022

Hello,

we're actually struggling legally (or with our legal department) with Dynatrace support due to GDPR compliance. Basically, we're not allowed to let Dynatrace access any user-specific data. Thus, I could not let Dynatrace employees access our cluster without violating the GDPR since most of the staff are not actually in Europe.

Is there any legal documentation or anything which will guarantee GDPR compliance? Support usually requests access - which would be an issue. At least some user-specific data (as our own users) would be non-compliant to be accessed or shared in information.

Recent rulings even stated that just to show data (in example while sharing the screen) would be a violation of the GDPR law.

Is there anything dynatrace does to counter this? As in example anonymization of the data in dynatrace instances for its own employees, as LDAP account names, names and e-mail addresses?

Best regards,

Georg

Julius_Loman · ‎13 May 2022

Did you check the Data privacy and security section in help? Especially pay attention to Data privacy and exchange in Managed deployments if you are on Managed where you can define criteria who from Dynatrace can access, what data is given to the support etc.

In general, no sensitive data (marked as sensitive within Dynatrace - for example, request attributes) is given to the support and they cannot access that - I can really confirm that.

Few customers do have additional very strict regulations and no access to Dynatrace support is provided - in that case, the troubleshooting and support cases take much longer to resolve.

Certified Dynatrace Master | Alanata a.s., Slovakia, Dynatrace Master Partner

STiAT · ‎13 May 2022

Hi,

indeed I did, and within this information it's already not compliant with GDPR:

More to that, as soon as I let any support personal connect to the system which is not bound by GDPR, that's basically prohibited on all levels. So we'd require european entities connecting through european mission control in support cases to cover that, and those mission control may not be accessible by anyone in a state not complying with GDPR .

Those things basically make it impossible to use dynatrace in any state which is bound by the GDPR, so all Europe unless you could guarantee that, or at least brings companies in a legal limbo.

Support is just part of that issue.

At least it's not compliant after the Schrems 2.0 ruling.

Julius_Loman · ‎13 May 2022

@STiAT that's a misleading statement in the docs. The "support resources" mentioned are about creating a dynatrace.com account (to be able to log in to support & community). This feature can be disabled in CMC. Users can create their accounts anytime.

The synchronization is valid only for users who have create support ticket permissions.

If you have any doubts about Dynatrace not being compliant, it's best to open either open a support ticket or talk to your Dynatrace partner or Sales representative.

Certified Dynatrace Master | Alanata a.s., Slovakia, Dynatrace Master Partner

STiAT · ‎14 May 2022

I'll try getting in touch with the account representative, but basically discussions of legal departments of us and partners came to the conclusion that getting support by dynatrace is basically impossible without giving access to the cluster (things we can not do ourselves but is only available to your staff, as clearing metric caches), which would require the staff to be european based with certain data security measures in place.

HannahM · ‎23 Feb 2023

Support can be limited to just a specific geo. Obviously there's a larger support pool if you do allow all geos but we have various customers that require these sort of limits. Your CSM should be able to put this in place

STiAT · ‎23 Feb 2023

Yes, got informed by our contract partner already about that. That's good stuff for us, since we can safely now use the support now. We don't mind wait times, we'd just like to avoid fines since we're heavily regulated and audited. Thanks!