As you may have noticed business around the globe are preparing for compliance with the Europeans Union’s data privacy law: The General Data Protection Regulation, or the GDPR. Announced earlier in December 2015 by the EU commission, the GDPR will come into effect on May 25, 2018, and businesses all over the world have been gearing up for the big change.
We’re getting an increasing number of queries regarding the GDPR, and we are seeing a number of misconceptions about what it is and what it means for website owners. As we are providing hosting services to a large number of clients from Europe, FastComet is also working on a number of changes to ensure we’re prepared for the GDPR. That being said, FastComet will comply with GDPR’s requirements, both as a controller of our customers’ account data and a processor of the end-user personal data our customers control.
While we were reviewing some of the features and changes we need to introduce for this, our team came up with many additional features that we believe will further strengthen your security and we decided that this is a perfect time for an overall security overhaul work.
The purpose of this post is to first outline explicitly that FastComet is committed to being fully GDPR compliant by 25th May 2018. Secondly, I aim to address a number of key points with regards to what the General Data Protection Regulation is, and the rights provided by it to individuals.
GDPR in a few simple words
To put it simply, GDPR short for the General Data Protection Regulation is designed to harmonise the data privacy laws across Europe and is the most important change in data privacy regulation in the last 20 years. It was passed by the European lawmakers to create a unified data privacy law across all the EU member states. Its purpose is to:
- Support privacy as a fundamental human right
- Require companies that handle personal data to be accountable for managing that data appropriately
- Obtain explicit consent to use a person’s data for certain purposes, including marketing.
- Give individuals rights over how their personal data is processed and used.
Rights provided by GDPR
As a result of this law the following rights can be executed by individuals:
- Right of access: Individuals can ask for a copy of the personal data retained about them and an explanation of how it is being used.
- Right to rectification: Individuals have the right to correct, revise or remove any of the personal data retained about them at any time.
- Right to be forgotten: Individuals can ask to delete their personal data (unless there is a valid reason for its continued processing).
- Right to restrict processing: If an individual believes, for example, that their personal data is inaccurate or collected unlawfully, the individual may request limited use of their personal data.
- Right of portability: Individuals have the right to receive their personal data in a structured, commonly used and machine-readable format and reuse their personal data for their own purposes.
- Right to object: Where an individual decides that they no longer wish to allow their personal data to be included in analytics or to receive direct marketing emails or other personalized (targeted) marketing content at any time, the individual may opt out of use of their data for these purposes.
- Right not to be subject to automated decision-making including profiling: When your personal aspects are being evaluated in order to make predictions about you, even if no decision is taken.
What is considered “personal data”?
Despite these rights sound very straightforward and easy to understand, the confusing part is what exactly is considered as personal data. In a few words as possible, the GDPR defines personal data as any information relating to an identified or identifiable natural person. To give you just a quick example of what is considered personal data, this includes name, address, phone number, email address, username, financial information, contact information, identification numbers and any other digitally generated or collected data that can be associated with or can be traced back to or related in some way to an identifiable person.
In other words, we can say that any data that is not randomly generated and can be traced back to an individual is considered as personal data and falls under the protection of the GDPR law. In order to comply with this law and make sure that all clients can execute their rights, we have prepared a large number of changes and features of our system.
How is FastComet preparing for GDPR?
FastComet continually maintains a high bar for the security of your data and our infrastructure. We’ve had tighter restrictions on our data from the very beginning and are committed to providing an environment that is safe, secure, and available to all of our customers.
We support the GDPR and will ensure all FastComet services comply with its ordinances by May 2018. Not only is it an important step in protecting the fundamental right of privacy for European citizens, it also raises the bar for data protection, security, and compliance in the industry.
But as is every company right now we are revisiting each of our policies with our legal team regarding data processing, collection, and storage; as well as our website and corporate blog to ensure we are fully compliant by the deadline.
Upcoming changes to assure individual rights
We will provide a detailed overview of all changes and upcoming features in a separate post next week but I will outline some of the main features and changes in our development roadmap:
- New Data Processing Agreement to meet the new requirements of the GDPR.
- More control over your information. We will make it easy for you to control the information you provide to us.
- Data Subject Access Request feature will be added to FastComet Client area to allow clients to request a copy of all personal data stored by FastComet for the purpose of their service.
- Withdraw from consent feature will be available in the new Privacy and Security section under your client area which will allow you to withdraw your consent from some or all terms of services you have previously agreed.
- A new option under the same section will provide you with the tools to execute your right to be forgotten or in other words – have all personal data stored by FastComet permanently removed.
- GDPR WHOIS Protection feature which will hide any personal information from public whois engines if either of the Registrant, Admin, Tech and/or Billing contacts is identified as being from the EU.
- A new communication channel will be available to address any concerns related to personal data. All inquiries related to Privacy Protection and personal data will be handled by our DPO.
- A security overhaul which will provide additional security features and options related to access, management and personal data accessibility.
We are working hard to continue to earn your trust, stay tuned for further updates on the subject and the new features on our roadmap. Meanwhile, if you have any questions or feedback, please feel free to contact our customer service agents.