Get Started for Free Contexxia identifies hard-to-find pieces of information in SEC filings. No more highlighters, no more redlining, no more poring over huge documents. SPLUNK INC (1353283) 10-K published on Mar 27, 2019 at 4:54 pm
Reporting Period: Jan 30, 2019
Further, following a referendum in June 2016 in which voters in the United Kingdom approved an exit from the EU, the United Kingdom government has initiated a process to leave the EU (often referred to as “Brexit”). Brexit has led to economic and legal uncertainty in the region and could adversely affect the tax, operational, legal and regulatory regimes to which our business is subject. Brexit may subject us to new regulatory costs and challenges, in addition to other adverse effects that we are unable effectively to anticipate.
Internationally, virtually every jurisdiction in which we operate has established its own data security and privacy or data protection legal framework with which we or our customers must comply. Laws and regulations in these jurisdictions apply broadly to the collection, use, storage, disclosure and security of data that identifies or may be used to identify or locate an individual, such as names, email addresses and, in some jurisdictions, Internet Protocol (“IP”) addresses. These laws and regulations often are more restrictive than those in the United States and are rapidly evolving. For example, a new EU data protection regime, the General Data Protection Regulation (“GDPR”) became effective on May 25, 2018, and, in addition to imposing stringent obligations relating to data protection and information security, authorizes fines up to 4% of global annual revenue or €20 million, whichever is greater, for some types of violations. We have self-certified to the EU-U.S. and the Swiss-U.S. Privacy Shield Frameworks developed by the U.S. Department of Commerce and the European Commission to provide U.S. companies with a valid data transfer mechanism under EU and Swiss law to permit them to transfer personal data from the European Union or Switzerland to the United States. The EU-U.S. and Swiss-U.S. Privacy Shield Frameworks are subject to annual review. The EU-U.S. Privacy Shield Framework and model contractual clauses approved by the European Commission, which we also use in our business to address certain cross-border data transfers, each have faced challenges in European courts, and may be challenged, suspended or invalidated. Further, following a referendum in June 2016 in which voters in the United Kingdom approved an exit from the EU, the United Kingdom government has initiated a process to leave the EU (“Brexit”). The United Kingdom enacted a Data Protection Act in May 2018 that substantially implements the GDPR, but Brexit has created uncertainty with regard to the regulation of data protection in the United Kingdom. In particular, it is unclear how data transfers to and from the United Kingdom will be regulated post-Brexit. Our EMEA headquarters is in London, causing this uncertainty to be particularly significant to our operations. Some countries also are considering or have passed legislation requiring local storage and processing of data, or similar requirements, which could increase the cost and complexity of delivering our services. Complying with the GDPR or other laws, regulations, or other obligations relating to privacy, data protection, data localization or information security may cause us to incur substantial operational costs or require us to modify our data handling practices. Non-compliance could result in proceedings against us by governmental entities or others, could result in substantial fines or other liability, and may otherwise adversely impact our business, financial condition and operating results.
In addition to government regulation, privacy advocates and industry groups may propose self-regulatory standards from time to time. These and other industry standards may legally or contractually apply to us, or we may elect to comply with such standards or to facilitate our customers’ compliance with such standards. Because privacy, data protection and data security are critical competitive factors in our industry, we may make statements on our website, in marketing materials, or in other settings about our data security measures and our compliance with, or our ability to facilitate our customers’ compliance with, these standards. We also expect that there will continue to be new proposed laws and regulations concerning privacy, data protection and information security, and we cannot yet determine the impact such future laws, regulations and standards may have on our business. New laws, amendments to or re-interpretations of existing laws and regulations, industry standards, contractual obligations and other obligations may require us to incur additional costs and restrict our business operations. Because the interpretation and application of laws, standards, contractual obligations and other obligations relating to privacy and data protection are still uncertain, it is possible that these laws, standards, contractual obligations and other obligations may be interpreted and applied in a manner that is inconsistent with our data management practices, our privacy, data protection, or data security policies or procedures, or the features of our offerings. If so, in addition to the possibility of fines, lawsuits and other claims, we could be required to fundamentally change our business activities and practices or modify our offerings, which could have an adverse effect on our business. We may be unable to make such changes and modifications in a commercially reasonable manner or at all, and our ability to develop new offerings and features could be limited. Furthermore, the costs of compliance with, and other burdens imposed by, the laws, regulations, and policies that are applicable to the businesses of our
Splunk Cloud delivers the core capabilities of Splunk Enterprise as a scalable, reliable cloud service. Splunk Cloud customers pay an annual subscription fee based on the combination of the volume of data indexed per day and the amount of data stored. Splunk Light provides log search and analysis that is designed, priced and packaged for small information technology (“IT”) environments, where a single-server log analytics solution is sufficient. Splunk Enterprise Security (“ES”) addresses emerging security threats and security information and event management (“SIEM”) use cases through monitoring, alerts and analytics. Splunk IT Service Intelligence (“ITSI”) monitors the health and key performance indicators of critical IT and business services. Splunk User Behavior Analytics (“UBA”) detects cyber-attacks and insider threats using data science, machine learning and advanced correlation.
Our quarterly results reflect seasonality in the sale of our offerings. Historically, a pattern of increased license sales in the fourth fiscal quarter as a result of industry buying patterns has positively impacted sales activity in that period, which can result in lower sequential revenue in the first fiscal quarter. We expect this seasonality to continue in fiscal 2020 and beyond. Our gross margins and operating losses have been affected by these historical trends because the majority of our expenses are relatively fixed in the short term. The timing of revenues in relation to our expenses, much of which does not vary directly with revenues, has an impact on the cost of revenues, research and development expense, sales and marketing expense and general and administrative expense as a percentage of revenues in each fiscal quarter during the year. The majority of our expenses are personnel-related and include salaries, stock-based compensation, benefits and incentive-based compensation plan expenses. As a result, we have not experienced significant seasonal fluctuations in the timing of expenses from period to period. Although these seasonal factors are common in the technology industry, historical patterns should not be considered a reliable indicator of our future sales activity or performance.