We are seeing more and more of our web hosting clients contact us with questions on the upcoming implementation of GDPR (General Data Protection Regulation).
Many of the GDPR’s main concepts and principles are much the same as those in the current Data Protection Act (DPA) which we comply with. These rules will remain valid under GDPR and will form the basis of our compliance with the new regulation.
InnovaTech Media Ltd T/A BetterWebSpace will comply with all applicable GDPR regulations as a data processor when they come into force on May 25, 2018.
Our Obligations
As a web host, we are committed to addressing EU data protection requirements applicable to us as a data processor. These include:
Data processing: Our ability to fulfil our commitments to our customers as a data processor under Article 28 of the Regulation is part of our compliance with GDPR. You, the data controller, are using a third party such as ourselves to process personal data.
Because of this requirement, we have assessed our existing data protection policies and practices and are making changes where appropriate. In addition, our Terms & Conditions of business are currently being redrafted.
Data sharing: The data our customers store with us is theirs. However, for certain services such as domain registrations we will be guided by ICANN and Nominet rules and regulations.
Our Customers’ Obligations
As a data controller, now is the ideal time for you to begin preparing for the GDPR. Consider the following:
- Understand the GDPR: You should familiarise yourself with the provisions of the new regulation. Understand how the new regulations may differ from your current data protection obligations and consider any changes to working practices that may need to be implemented.
- Audit the information you hold and the processes that capture such data: Review your current controls and processes to ensure that they’re adequate, and build a plan to address any gaps. Consider creating an updated and precise inventory of personal information that you control.
- Stay informed: Keep up to date with regulatory guidance as it becomes available and consider consulting a legal expert to obtain guidance applicable to you. We advise reading the information provided on the website of the Information Commissioner, the UK representative within the EU working group.
What’s Next?
We will continue to monitor the GDPR and make any additional operational changes it requires, and will keep our clients informed accordingly.
A number of our key partners are yet to formalise their position on the regulation. When this happens, the relevant processes will become more clearly defined. We will continue to assess our strategy for GDPR over the next few months.