General Data Protection Regulation and cPanel
As the internet evolves, so do the policies that govern the way we store and share information. One of the latest policies to come into effect is the General Data Protection Regulation. This policy, also known as GDPR, comes out of the European Union, and its goal is to protect certain types of personal information. We began preparing just over a year ago for this regulation, which comes into effect in May of 2018. Here are a few things we thought you should know.
What is the GDPR?
The European Union’s General Data Protection Regulation, or GDPR, is a regulation that comes into effect May 25, 2018. The GDPR regulates the collection, processing, transport, and use of personal information about individuals in Europe.
Where can I get more information about GDPR and my compliance obligations?
The GDPR itself is here. The European Union has created an information portal here. A number of companies provide consulting services that help with different aspects of your compliance process. While cPanel doesn’t recommend any particular approach to GDPR compliance, your lawyer or regulatory advisor may be able to point you to resources that are helpful.
Why does GDPR apply to cPanel?
GDPR applies to cPanel because our company has both direct and indirect European customers whose personal information may be collected or processed by us, or on our behalf. It may also apply to companies who provide services to us to the extent we provide this data to them. Although cPanel is a U.S. company, the GDPR applies to personal information about individuals in Europe regardless of whether that information is located in Europe or elsewhere.
How will cPanel comply with GDPR?
As of the end of January 2018, cPanel has completed a “data mapping” exercise designed to identify how cPanel collects, handles, and transfers European personal information that is subject to GDPR. Based on this exercise, we have categorized data and are creating processes that will facilitate compliance with GDPR. We have determined that:
- We do not collect or process “sensitive” data that is subject to GDPR.
- We do collect and/or process other personal information subject to GDPR.
- We store some personal information subject to GDPR for set periods of time.
- A small number of third parties may also process personal information subject to GDPR on our behalf.
- Data subject to the GDPR that is stored by us may be stored outside the U.S. and Europe.
To facilitate GDPR compliance we are strengthening our data segregation and access policies, our breach response plan, and relationships with vendors who may handle data on our behalf, or on behalf of our customers.
To further provide information to customers and third parties, we anticipate rolling out a revision of our privacy policy in late March. Our revised privacy policy will:
- Provide detailed information about the types of data we collect or process
- Include the reasons for that collection or processing
- Set out the length of time we store the data
- Indicate whether the data is accessed by third parties on our behalf
We also anticipate becoming Privacy Shield certified by the implementation date of the GDPR.
How does cPanel & WHM facilitate compliance with GDPR?
cPanel & WHM is intentionally a highly configurable software product. Because every customer’s determination about what is required for it to become GDPR compliant is unique, there is not a particular way that our products create compliance with GDPR, or any other law or regulation. We are committed to working with our customers and partners to understand how their compliance activities are facilitated by our products, and ways our products can help them reach compliance.
How can you get more information about cPanel’s GDPR compliance plans?
cPanel will be holding a GDPR compliance “meet up” at CloudFest. The meet up will be held on 14 March at 15:00 at our booth (H15). Members of our product, executive, and legal teams will be on hand to listen and provide answers to questions you may have about our corporate compliance efforts and how our products can facilitate your own compliance.