Splunk uses GDPR as its global standard for its Data Protection program. We offer a Data Processing Addendum (DPA) that complies with the requirements for a data processor under GDPR and which relies on the Standard Contractual Clauses for data transfers from the EEA/EU to the U.S. You can download an exemplar copy of our DPA or execute the DPA via DocuSign here.
Our DPA is tailored to reflect how we offer our products and services and is scaled to meet the needs of all customers. For this reason, we are unable to modify our DPA.
For more information regarding Splunk’s privacy and security compliance programs, see Splunk Protects.
Specific questions regarding the transfer of personal data from the EEA/EU to the U.S. under the Standard Contractual Clauses as discussed in Schrems II are addressed in our white paper.