Host4Geeks’ GDPR Compliance
GDPR (the General Data Protection Regulation) comes into force on 25 May 2018 and applies to all businesses doing business in or with a person in the EU.
In our earlier blog post, GDPR & The Web Hosting Industry, we wrote about how the web hosting and cloud services industry as a whole can prepare for the upcoming changes post GDPR. As 25 May 2018 approaches, we are starting to receive a lot more emails from clients asking us about GDPR and how we are preparing for it.
The GDPR can be reduced to the following most important points. For each point, we explain how we handle compliance.
All employees at Host4Geeks LLC working on infrastructure management are fully aware of the GDPR requirements. Additionally, regular audits and updates are performed on service components that store sensitive and personal user data, such as, but not limited to, the client area, payment systems, etc.
The rights of Host4Geeks’ customers under GDPR are considered and enforced, including:
Right to be informed: we clearly inform our users about the use that will be made of their data
Right of access: our users can access all their data, without restriction, as long as the subscription is active, after which the data shall be permanently removed and erased from our systems
Right of rectification: it’s as simple as sending us an email; we’ll process all your rectification queries
Right of erasure: it’s as simple as sending us an email; we’ll process all your erasure queries
Right to data portability: our users may contact us anytime if they wish to get an export of their data
Right to object: we handle all requests on this matter from our users and users’ end-users
Right not to be subject to automated decision-making including profiling: we don’t do that (and never will)
Subject access requests
Host4Geeks replies to all access requests (positively or negatively) in under 1 month (the legal limit from GDPR).
Consent is provided by our users explicitly when performing an action or task (e.g. when they provide user data).
Our team closely monitors any unauthorized system access and has put in place multiple preventive measures to reduce the attack surface on our systems and services. In the highly unlikely event that customer data has been breached, we shall notify the user in less than 72 hours.
We take our obligations under GDPR very seriously, and while the regulations are a challenge to implement, we believe they are a change for the better and fully support them.