As you may have read or heard in the media, a new data protection regulation (GDPR) will come into effect on May 25, 2018. From then on, all companies processing personal data from European clients will have to comply with this new regulation. PlanetHoster has several clients based in Europe and a data centre in France; we will therefore pay close attention to the developments and changes generated by this new legislation.
What exactly is the GDPR?
The GDPR is a European regulation that aims to ensure the full transparency of corporate data collection and processing and allow for better client data traceability. It is replacing the 1995 Data Protection Directive 95/46/EC, which became obsolete after the arrival of the Cloud. The GDPR legislation better addresses current needs and includes stricter conditions for companies.
It should be noted that this legislation includes the “right to be forgotten,” which gives clients the right to request the destruction of their collected personal data without justification. To better understand what this entails, let’s consider Facebook. Presently, Facebook members cannot permanently delete their accounts or personal data. All information remains archived until the account is reactivated. With the GDPR, Facebook will be required to permanently delete all of a member’s data upon request.
This new legislation also includes a 72-hour breach notification rule, which states that if an organization is hacked, the data breach must be reported within three days.
The term “personal data” is quite vague and encompasses many elements. In broad strokes, it includes all identifying information of a natural person, i.e. their first name, surname, email address, civic address, phone number, bank card, IP address, username/password, cookies, photos/videos, etc.
Over five years ago, PlanetHoster adopted an internal policy to guarantee security, performance, and transparency to all our clients. The arrival of the GDPR aligns with the improvements we are striving to implement to satisfy our clients. Below are a few examples of our developments over the years:
Internally, we also ensure the security and integrity of data passing through our company by performing background checks on all new employees and by periodically renewing these checks.
PlanetHoster has been ICANN-accredited since 2015. Accreditation allows us to register “.com,” “.net,” and “.info” domain names, among others. To benefit from this service, we needed to meet all the requirements of the regulatory body and undergo legal, accounting, and technical inspections to ensure the conformity of our services.
In addition, our Data Centre has Tier III certification in Canada and ISO9001:2008, ISO50001:2011, ISAE3402, and PCI-DSS certifications in France. These standards are recognized worldwide and guarantee bank-level data security.
What you need to do:
All relevant companies must document their processing of data. This means that you must be able to justify the collection and transmission of personal information.
If your website has an email newsletter and you are working with partners like MailChimp or MailJet, you must implement data mapping. Your internal corporate plan must compile all information on WHO? WHAT? WHY? WHERE? UNTIL WHEN? HOW?
-> PlanetHoster / Website / NewsLetter / US /…/ via SFTP
Ensure that your CMS, extensions, and themes are kept up to date, and don’t forget stray .TXT/.SQL files (exports, backups, dumps) sitting in your domains’ public directories. Finally, make sure that all sensitive data is encrypted, both at rest and in transit.
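As an added example (not PlanetHoster’s own code), here is a minimal processing register in Python that records the WHO / WHAT / WHY / WHERE / UNTIL WHEN / HOW fields described above and flags the points a reviewer checks first: incomplete entries, transfers outside the EU/EEA, expired retention periods, and unencrypted transfer methods. The country list, the set of secure transports, and the sample records are assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import date


@dataclass
class ProcessingRecord:
    who: str          # party handling the data (controller or processor)
    what: str         # category of personal data
    why: str          # purpose / lawful basis (consent, contract, ...)
    where: str        # country where the data is stored (ISO code)
    until_when: date  # retention deadline
    how: str          # transfer method, e.g. "SFTP"


# Partial list of EU/EEA country codes (assumption: extend for real use).
EU_EEA = {"FR", "DE", "IE", "NL", "BE", "ES", "IT", "PL", "SE", "AT"}
# Transfer methods this example treats as encrypted in transit (assumption).
SECURE_TRANSPORTS = {"SFTP", "HTTPS", "TLS"}


def review_register(records, today):
    """Return {(who, what): [findings]} for every record needing attention."""
    findings = {}
    for r in records:
        issues = []
        if not all([r.who, r.what, r.why, r.where, r.how]):
            issues.append("incomplete mapping")
        if r.where not in EU_EEA:
            issues.append(f"transfer outside EU/EEA ({r.where})")
        if r.until_when < today:
            issues.append("retention period expired: delete or re-justify")
        if r.how.upper() not in SECURE_TRANSPORTS:
            issues.append(f"unencrypted transfer method ({r.how})")
        if issues:
            findings[(r.who, r.what)] = issues
    return findings


# Constructed sample register; the first entry mirrors the newsletter line above.
SAMPLE = [
    ProcessingRecord("MailChimp", "newsletter email addresses", "marketing consent", "US", date(2019, 5, 25), "SFTP"),
    ProcessingRecord("PlanetHoster", "client billing data", "contract", "FR", date(2028, 1, 1), "HTTPS"),
    ProcessingRecord("OldPartner", "support tickets", "", "FR", date(2017, 1, 1), "FTP"),
]

if __name__ == "__main__":
    for key, issues in review_register(SAMPLE, date(2018, 5, 25)).items():
        print(key, "->", "; ".join(issues))
```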
I would also like to remind you that clients with pre-World hosting plans can request a free migration to France: