GDPR: FAQs Relating to Your Web Hosting
Following on from the Commitment Statement issued in January, we look to address a few of the common queries we’ve been receiving from customers…
What is the GDPR?
The General Data Protection Ruling (GDPR) comes into force from 25th May and replaces the UK Data Protection Act 1998.
The GDPR won’t apply after Brexit?
This is incorrect. Post-Brexit, the GDPR still applies to the UK. The European Commission has previously commented that if you process data about individuals in the context of selling goods or services to citizens in other EU countries, you will need to comply with the GDPR, irrespective of whether or not the UK retains the GDPR post-Brexit.
New Contracts are required for services held at Clook?
Yes and no. The ruling states that ‘Whenever a controller uses a processor it needs to have a written contract in place’. The contract is established when signing up for a service via the website: a check box stating that you agree to our Terms of Business is present, and agreeing to these terms forms our contract with you.
A revised set of Terms of Business is being rewritten to ensure that the processing carried out by ourselves meets all the requirements of the GDPR. These will be in place prior to 25th May, and customers will be informed prior to their implementation date. Notifications will also be posted within the Client Portal.
What processing of customer data will Clook perform?
The need to share data with third parties is minimal. If you only have a hosting account with us, we have no reason to pass on your details to anybody else.
This changes if you have additional products with us (domain registrations, SSL certificates, etc.). Where applicable, we are bound by terms provided by Nominet, eNom and GlobalSign; these companies have their own commitments to the GDPR, ensuring that the data they hold is safe and compliant.
Who has access to my data?
All technical staff at Clook have access to data stored on our hosting platforms. This access is essential in order to fulfil their job roles. All staff are subject to an internal data protection policy and have committed themselves to confidentiality when handling or accessing customer information.
Do you have any technical/security certifications?
Yes. We are ISO 27001 (Information Security Management) certified. We also adhere to the current UK Data Protection Act. In addition, we are PCI DSS compliant for card payments; PCI DSS 3.2 is another major standard coming into force in 2018 and is said to provide much of what the GDPR sets out to achieve.
Invoking the right to be forgotten
Once a customer has ceased hosting with us, any data held on the server will be removed 30 days after the expiry of their contract. Customer records (accountancy and product details) will be held for as long as is reasonably required under the original contract.
If you have any specific queries please feel free to get in touch…