On May 25th 2018, the General Data Protection Regulation (GDPR) comes into effect.
This European regulation is designed to better protect citizens from data breaches and privacy violations. The new law is amongst other things stipulating how companies must handle their customers' data.
Many of our customers chose Greenhost exactly because privacy has always been one of our core values. As a result there are not many significant changes we have to make. However, we do want to take the opportunity to scrutinize some of our designs and see in which ways we can still do better in safeguarding your privacy.
Which steps will Greenhost take
As opposed to companies that built their businesses on collecting all data, we have been trying to collect as little data on our customers as possible. As a result the impact of the new regulation on Greenhost is limited. Still, there are some important improvements we are making. A few examples:
In daily practice, when we handle sensitive data we do so consciously and with care. However, the new regulations require thorough documentation on the procedure involved. This is a justified requirement, and we will be making some steps in further documenting and formalizing these procedures. For example we will re-evaluate how soon after cancellation of service we will destroy remaining data.
If you are using an email client like Thunderbird or Outlook to read your email, or a mail app on your smart-phone, you will no longer be able to use insecure protocols to login. - Currently, most communication is done by email. In the future more communication will be done through our Service Centre, to better safeguard your privacy. We already offer, for example, the possibility to download invoices through our Service Centre.
If you are a business customer processing personal data, GDPR applies to you as well. If you store these data externally you will need to be able to provide a Data Processing Agreement, stating which data are stored, and who is responsible in processing them. We are developing a general Data Processing Agreement, which will comply with GDPR for most business customers. Next to this, we will keep the option to enter into a specific Data Processing Agreement, in combination with an SLA-contract. We think these steps will help in better protecting your and your customer's privacy. Of course we will keep you updated on any progress.
How will these changes affect you
Some of the changes we make will have a direct effect on some of our customers. After the GDPR comes into effect we will no longer allow insecure connections to our services.
Access to our Cosmos Service Centre, to your webhosting files and to your e-mail will only be available through secure protocols. We have been offering these secure protocols for years, so it is very likely you are already using these. In the next section, we will specify the changes in more detail.
Greenhost Service Centre
Our Service Centre contains your personal and business data. Connecting to our Service Centre has only been possible through HTPPS for years. As this is secure, no changes will be made here. We will however try to create a better overview of the options to view and change your details.
Webhosting- no more FTP
You can access your web hosting data through SFTP or SSH. This will not change. However, we will no longer support the insecure FTP. Although FTP is a commonly used term to indicate data-transfer to your webhosting server, many users of eg. Filezilla or Cyberduck already connect using SFTP.
If you are using FTP, steps to change this are relatively simple: in general you must replace port "21" with "22" and the protocol "FTP" by "SFTP". For further instructions, please have a look at our manual.
Email - only secure connections
For people using webmail nothing changes, this webpage is loaded through HTTPS, and is therefore secure. About 90% of the people using a mail client like Outlook or Thunderbird to read their email, or a mail app on their smartphone, already use a secure connection.
This means a considerable number still uses insecure connections. With the implementation of GDPR, we will no longer support the insecure options, so please make sure to check your settings in time!
You can check the instructions with the correct settings in our manuals. If there are multiple email accounts connected to your hosting package, please check the settings for all users, and all email programs in use.
Greenhost will send a warning message per email to all users still using insecure ways to get their mail.
Further consequences of GDPR to business customers
As GDPR applies to all EU-based business parties processing personal data, chances are it also applies to you. If your company or organisation collects or processes any personal data, you will have to comply with stricter regulation.
Be aware that, for instance, a simple contact form on your website already means that you are collecting personal data. What the exact changes for your organisation are depends on the jurisdiction you are in. All European Countries adapted their national laws to the GDPR, therefore specifics differ per country.
However, one of the first steps you can easily take to better protect the privacy of people visiting your website is to encrypt the site. If you are using shared webhosting, you can do so easily by activating Let's Encrypt. Follow this manual to learn how.
If you are hosting a website on a VPS, Certbot might be useful in helping you setup HTTPS on your website.
For a short infographic on the new directive, have a look at the European Committe website.
If you really want to know all details, you could read the full Directive.