GDPR, the new data protection regulation, has been one of the hottest business topics in recent months. The reason is not only that a single regulation will be established for storing and processing all EU citizens’ data, but also that every business that works with personal data will need to take concrete actions to comply with the GDPR.
The regulation will come into force on 25 May 2018.
Our company would like to point out the following: The security and protection of all customer data, not just personal data, has always been a top priority for us. As a responsible company, we follow all legal requirements and regulations. At present, we are strictly following the data protection regulation established in Bulgaria. We can assure you that all procedures for collecting, storing and processing your personal data shall be legal and fully in line with the new European regulations.
In this article we will explain what steps we have taken to meet the GDPR requirements.
Before this, let us briefly review the most frequently asked questions about the new regulation.
What is GDPR?
GDPR (General Data Protection Regulation) is a European regulation, the preparation of which began 4 years before its formal adoption in 2016. The objectives of this regulation are to:
- Unify the legal framework of all EU member states specifically in the protection of personal data.
- Ensure the protection of personal data for all European citizens.
- Change the way businesses perceive the process of interacting with personal data.
Briefly, GDPR is a regulation that aims to make it easier for natural persons to control the way different organizations access and handle their personal data.
Why is it important to know GDPR?
As natural persons, we each provide our personal data to different institutions on a daily basis. With the help of GDPR, every EU citizen will be able to exercise different rights with respect to their personal data, including the right to refuse to become a subject of personal data processing, the right to access their personal data, the right ‘to be forgotten’, etc.
And not only that. GDPR is a complex synchronization between legislative bodies, legal and natural persons. Every business needs to take appropriate measures in order to comply with the changing legislative environment.
It is important to emphasize that the regulation also has serious application outside of the EU. The GDPR applies in all cases where data of European citizens is processed, no matter where in the world.
Which data is personal within the meaning of GDPR?
This is all the data that can identify a natural person, such as name, e-mail, contact information, Personal ID Number, bank or insurance information, location, etc. Within the meaning of GDPR, IP addresses also count as personal data. Other biometric, social, economic and cultural identifiers may also be personal data.
Controller and processor
The GDPR sets out two basic definitions connected with the protection of personal data: the data controller and the data processor.
SuperHosting.BG shall process personal data in its capacity both as a data processor and as a controller who has instructed a third party to process personal data according to the purposes and instructions set by SuperHosting.BG OOD.
SuperHosting.BG shall be a personal data controller regarding the data provided by you as users of our hosting services. With regards to the personal data you process and store on our servers using our services, SuperHosting.BG shall act as a processor.
Regarding domain registration, SuperHosting.BG shall be a processor for your personal data, and the relevant registers and domain registrars shall be the controllers. Under the new regulation, the information available in the WHOIS public domain shall change as well, and the registered person’s personal data shall not be visible. We expect this to be valid for the .bg and .бг domains.
With regard to SSL certification, the respective issuer shall be the controller for the particular SSL certificate, and SuperHosting.BG shall be the processor of your personal data.
Regarding the Shopiko service, SuperHosting.BG shall be a processor, and the owner of each online store shall be the controller. As a SaaS service, it will soon have the necessary tools that every online store owner will be able to use in order to meet the regulation.
What kind of personal data shall SuperHosting.BG collect?
As a controller, we shall collect only the personal data that we need to create your customer profile with us and provide you with the appropriate service. This data shall be filled in at the penultimate step of your order for any of the services on our site, in the ‘Customer Data’ section.
What have we done to respond to the GDPR?
In addition to the mandatory administrative changes and recommendations that each company needs to organize in order to respond to the new regulation, we shall always consider the security of all data, not just personal, that you, our customers, are storing on our infrastructure, to be our top priority.
In this regard, we would like to remind you that our SH Protect security system, which we implemented almost three years ago, is being improved daily and blocks tens of thousands of attempts to compromise customer information every day, without our customers even knowing about them.
Since the beginning of 2018, we have applied over 400 new signatures to the system and we are still adding more. Our security system works on multiple levels and, along with DDoS protection, our infrastructure provides the highest level of security for data storage.
You can find more on how we protect your websites and mailboxes in the ‘Security’ series of articles on our blog: Security campaign
How can you comply with the new regulation’s requirements?
Every business and every sector handles a variety of personal data. Apart from the fact that you need to describe and inform your customers about what personal data you retain about them, for what purpose, for what period, their rights, etc., we advise you to consult your company’s lawyers. In this way, you will be sure that you will keep all aspects of your business in compliance with the requirements of the new regulation.