Web hosting companies hold a very large volume of personal information and data

Web hosting companies hold a very large volume of personal information and data about their customers, information which is stored in data centers all over the world. For most web hosting companies it was difficult to achieve full compliance with GDPR regulations. Keep in mind that the bulk of the information pertains to personal data of webmasters who are web hosting customers of the hosting company and yes, these customers often provide web hosting services themselves (as a reseller for example). Web hosting customers claim that their biggest difficulty in complying with GDPR regulations is dealing with the need to maintain backups of their customer accounts. In order to tackle this difficult task, a web hosting provider must first ask itself a number of questions: To help of the web hosting provider help with the GDPR issue Do we provide our customers with an easy way to view the terms of use agreement, privacy policy, location of personal data retention, backup of this data as well as, maintaining customer consent to the site policy? When we update your user agreement, privacy policy or backup location information – do we have a way to force customers to agree to this policy again? Do we have encrypted backups designed to secure our customer data? Do we have automated processes designed to delete all of our client’s backups once it’s turned off its web hosting service? Do we provide the customer with an automated “right to forget” tool in his cPanel account? Do we have separate log files dedicated to GDPR-related activities (such as when and how a customer filled out a request to be “forgotten”) – files that are kept for several years? For most web hosting providers, the answer to most of these questions will be “No”. Jetserver is not like most web hosting providers. Jetserber’s JetBackup system is capable of tackling all the difficult tasks of complying with GDPR regulations and achieving for web hosting customers compliance with these regulations. For cPanel server owners or operators with backups of client accounts, their backup strategy and implementation are not compliant with GDPR, unless a JetBackup system with GDPR mode is installed which provides a backup platform from cPanel and is a solution to close gaps for compliance with GDPR regulations.

The following is a quick overview of JetBackup’s GDPR settings within WHM

A web hosting provider will add its user agreement, privacy policy and backup location information to these three fields to present them to web hosting customers. A web hosting provider will then set the number of days after the closing date of the customer’s web hosting account, in which the customer’s information is removed from the hosting server (backup storage policy according to the GDPR). A web hosting provider will use this question after making changes to the GDPR user agreement, privacy policy or backup destination data. A web hosting provider may require the customer to agree to the changed terms, as well as to suspend future backups until the customer agrees to the terms.

The following is a quick overview of JetBackup’s GDPR settings from cPanel

A web hosting customer will be asked to agree to the web hosting provider’s user agreement, privacy policy and backup locations (data location) from his cPanel account. Web hosting customers can choose whether they want standard or encrypted backups. If the client selects encrypted backups, he is given the option to keep the local encryption key on the server so that a web hosting provider can assist in restoring the backup or downloading the remote encryption key for the backup recovery. Finally, the customer is given the “right to be forgotten” option – an option that automatically deletes all its backup data within a few days set by the web hosting provider after the customer’s web hosting account has expired. Finally, a web hosting customer will receive his encryption key for re-entry and saving changes to his hosting account.