Does This Concern Me?
The European General Data Protection Regulation (GDPR) is a hot topic this month as the new European Data Privacy Regulation is about to take effect on May 25th. It is complicated, but if you have U.S.-only users, it doesn’t concern you.
This concerns you if you have websites and apps that are used by people living in the European Union and collect personal data, or if you use hosting companies that are based in the EU. Websites and European-based hosting companies must be GDPR-compliant by 25 May 2018.
The GDPR will regulate how personal data of individuals in EU territory gets collected and used. It defines what personal data is – being literally everything – name, e-mail, username, address, phone number, financial data, age, behavioural data and more, and obliges everyone who collects and processes such data of EU individuals, no matter where that company or person is located around the world, to act in accordance with this regulation.
SiteGround, from "How is SiteGround Getting Ready for the GDPR?"
Is Your Hosting Company in the U.S. but Based in the EU?
If you are using a U.S. entity of an EU-based hosting company, check their operating procedures for how EU data is handled. You may have apps or websites that ask for EU clients' data. That data may be transferred to and processed by the U.S. entity. For example, the Society for Technical Communication (STC), Washington, DC – Baltimore (WDCB) chapter's website is hosted in the SiteGround U.S. data center and we have EU users who register for competitions, mentoring, or subscribe to website posts.
How is SiteGround Handling This?
In accordance with the GDPR, SiteGround, like other hosting companies with similar setups, needs to ensure that the U.S. entity offers the same level of protection for EU data as guaranteed in the GDPR, even though it is subject to U.S. jurisdiction. SiteGround will regulate this through Standard Contractual Clauses, which will be included in all contracts between U.S. and EU entities to guarantee the transfer of data is compliant with the GDPR requirements.
They are also working on certification with the Department of Commerce under the EU-US and Swiss-US Privacy Shield, certifying that they adhere to the Privacy Shield Principles regarding the collection, use, and retention of personal information from European Union member countries and Switzerland, respectively, so they can lawfully host EU clients' data on their U.S. servers when that is needed.
Two weeks ago, SiteGround held a free webinar in the EU attended by over 6000 people interested in how the new piece of legislation affects them. The following materials are available to help those who could not attend the seminar get a better understanding of this new regulation.
- Free Live Webinar Video: "What is GDPR?"
- Blog Post: "How Is SiteGround Getting Ready for GDPR?"
SiteGround's Senior Legal Advisor, Maya Stoyanova, spoke about the new regulation and answered live questions from the audience. They received a lot of interesting questions. You may watch the recording of the webinar and read the answers to the most popular questions at https://www.siteground.com/blog/what-is-gdpr-webinar/.
You can read more about what SiteGround is doing to be GDPR-compliant in a blog post at https://www.siteground.com/blog/gdpr-siteground-getting-ready/.