Vanderbilt GDPR Information

Wave divider
Wave divider

Vanderbilt Industries are committed to full compliance with the European General Data Protection Regulations as introduced in May 2018.

Commitment statement

The new EU General Data Protection Regulation (GDPR) comes into force on 25 May 2018 and will impact every organization that holds or processes personal data. It will introduce new responsibilities, including the need to demonstrate compliance, more stringent enforcement and substantially increased penalties than the current Data Protection Act (DPA) that it supersedes.

Vanderbilt is committed to high standards of information security, privacy, and transparency. We place a top priority on protecting and managing personal data by accepted standards, including ISO9001 and ISO14001. The company will comply with applicable GDPR

For Vanderbilt’s Data Protection statement, please, click here

Vanderbilt focus areas

Vanderbilt has two main areas of focus in preparing for GDPR overseen by an internal cross-functional team:

1.Building on existing security and business continuity management systems and certifications, including ISO9001 and 14001, to ensure our compliance.

2.A) Product guides to support compliance for users of our on-premise and cloud security products and services that help customers to understand and prepare for GDPR.

B) Develop compliance plans and build a stronger platform for the future by taking control of their data.

Vanderbilt security solutions GDPR compliance statements

Vanderbilt’s portfolio of security products is used to provide efficient and high-quality security. As such the company is committed to providing security systems that comply with customers’ GDPR obligations.

On-premise solutions

Where our solutions are deployed and sit within an end customer’s IT infrastructure, they are protected by and under their own IT Information Security and Data Protection compliance controls and their processes of data processing.

Upon completion of our analysis of the data protection requirements for Vanderbilt on-premise security solutions, we can confirm that Vanderbilt does not enter or maintain any data on these systems, and therefore is not the Data controller or Data processor.

We do however want to support our customers who will be required to supply statements and to include Vanderbilt systems within the data protection and processing agreements. To that end, we have undertaken an audit of our on-premise solutions to prepare the material that will enable you to provide the information required.

For details about GDPR compliance guidance and our portfolio of security products, you are referred to our GDPR product statements below.

Customers should refer to the individual product compliance guides (links below) to understand what features are available to enable this. This information will include data cleansing and subject access reports to specific data retrieval and disposal tools. This will create efficiencies by allowing organizations to locate and remove data with minimal administrative effort and to enable a quick and efficient response to information requests.

SPC GDPR Compliance Guide

ACTpro GDPR Compliance Guide

Video Surveillance GDPR Compliance Guide

bright blue/lite blue GDPR Compliance Guide

SMS GDPR Compliance Guide

Entro GDPR Compliance Guide

Granta GDPR Compliance Guide

Omnis GDPR Compliance Guide

SiPass integrated (A Siemens AG product) - GDPR Compliance Guide

AccessIt! GDPR Compliance Guide

It is important to recognize that compliance is a shared responsibility and all organizations will need to adapt business processes and data management practices.

All customers are responsible for personal and transactional data located in Vanderbilt security systems, and requests to delete, rectify, transfer, access, or restrict the processing of data.

Cloud solutions

Where Vanderbilt hosts cloud solutions, we shall comply with this position statement and the provisions of GDPR and the forthcoming regional Data Protection Acts within the countries we conduct business.

Upon completion of our analysis of the data protection requirements for Vanderbilt cloud security solutions, we can confirm that SPC Connect and ACT365 do store information on users of the system, and for these products, Vanderbilt is therefore considered the Data controller or Data processor.

We have completed internal audits to ensure we are working to comply with requirements and have worked with external bodies to prepare data protection statements for these products. 

ACT365 data protection document

SPC Connect data protection document

Feenics data protection document

Contact details surrounding GDPR inquiries at Vanderbilt

If you have any comments or concerns, we urge you to contact us with your questions. Our aim is providing the best of breed security solutions, and we need to be aware of any issues you are having so that we can work to resolve them.

For any GDPR related questions on Vanderbilt, please contact us via email at

If you wish to inquire about what personal data Vanderbilt has on you or if you wish to have your information deleted, please contact us via email at

What is next?

Vanderbilt will continue to monitor and make additional required operational changes resulting from the GDPR and will inform our customers accordingly.