cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2448
Views
0
Helpful
4
Replies

AMP for Endpoints NAM/EU Compliance

joshua.lackey
Level 1
Level 1

Hello,

 

We have an active instance of AMP for Endpoints deployed in NAM. We are looking to extend our endpoint coverage with connectors in EU. Will the AMP console/cloud provisioned in NAM effect GDPR compliance if we deploy connectors in EU?

 

Thanks!

2 Accepted Solutions

Accepted Solutions

Troja007
Cisco Employee
Cisco Employee

Hello @joshua.lackey,

yes, this may impact GDPR related topics. So I´m not a jurist, but if your company headquarter is located in the US, this still can be in conflict with GDPR data privacy rules. Found an interesting info here: https://www.compliancejunction.com/gdpr-for-us-companies/

I would recommend talking to a responsible person inside your company.

Greetings,

Thorsten

 

View solution in original post

Troja007
Cisco Employee
Cisco Employee

Hello @joshua.lackey,

asked some other people. 

  • One contact point would be with remote file fetch of non-executable data such as Office documents. Because such documents may include PII information.  AMP for Endpoints only sends Executables. 
  • The second topic may be the Username included in an event, because this is PII information. This can be configured in the AMP Policy: Advanced Settings --> Administrative Features --> Send User Names in Events.

Greetings,

Thorsten

View solution in original post

4 Replies 4

Troja007
Cisco Employee
Cisco Employee

Hello @joshua.lackey,

yes, this may impact GDPR related topics. So I´m not a jurist, but if your company headquarter is located in the US, this still can be in conflict with GDPR data privacy rules. Found an interesting info here: https://www.compliancejunction.com/gdpr-for-us-companies/

I would recommend talking to a responsible person inside your company.

Greetings,

Thorsten

 

Thanks Thorsten,

 

This echoes my initial findings - we will explore creating a second instance for EU users.

 

Best,

Josh

Troja007
Cisco Employee
Cisco Employee

Hello @joshua.lackey,

asked some other people. 

  • One contact point would be with remote file fetch of non-executable data such as Office documents. Because such documents may include PII information.  AMP for Endpoints only sends Executables. 
  • The second topic may be the Username included in an event, because this is PII information. This can be configured in the AMP Policy: Advanced Settings --> Administrative Features --> Send User Names in Events.

Greetings,

Thorsten

Troja007
Cisco Employee
Cisco Employee

Hello @joshua.lackey,

here you are, just shared with me: https://www.cisco.com/c/en/us/about/trust-center/gdpr.html.

Greetings,

Thorsten