ResellersPanel's Blog

What is the GDPR and what is our path to GDPR compliance?

We manage so many of our daily activities online that the web has inevitably turned into a giant pool of personal data, which is exposed to a variety of risks, as was the recent case with Facebook.

Europe’s General Data Protection Regulation (GDPR), which goes live on May 25th, is aimed at addressing all security risks by enforcing a strict data protection regulation across the EU and beyond.

Learn more about the main principles of the GDPR, how it is meant to protect data privacy and how it will affect our relationship with you and your customers.

What is the GDPR all about?

The GDPR regulation is the most impactful piece of data privacy legislation in the new century.

Coming on the heels of the recent Facebook scandal, which revealed that the data of millions of Facebook users had been misused for the sake of third-party campaigns, the GDPR regulation is designed to restore order in how personal data is handled and stored online.

Despite being an EU regulation, the GDPR practically affects any company that processes the personal information of EU citizens.

In other words, it applies whether or not that company is based in the EU.

For instance, if a US-based company provides goods or services to EU citizens, it automatically falls within the scope of the regulation.

Personal data and individual rights

Approved on April 14, 2016, the new set of rules treats personal data protection as “a fundamental right” of all EU citizens and consumers.

Regarding online services, personal data could include anything from an individual’s name to a physical location or an IP address.

The law also covers browser cookies that can track the web activity of EU individuals.

In an effort to give consumers a bit of power in the so-called “big data” world, the new regulation also gives EU individuals more rights to their information.

All EU individuals will have the explicit right to know whether, where and for what purpose their personal data is being processed.

The GDPR empowers EU individuals to have their personal data erased or not processed further.

They can also object to having their data processed for direct marketing purposes and choose to transfer it away to another provider.

Data protection responsibilities under the GDPR

The GDPR sets out the rights of EU individuals and the respective obligations of data processing companies and organizations in a total of 99 articles.

The main business takeaway is that each company will have to justify the collection of personal data and to follow very strict rules in the process.

The regulation makes a clear differentiation between companies that direct the collection of data (data controllers) and those that actually process it (data processors).

Both controllers and processors will be assigned data protection responsibilities that will make them equally subject to GDPR compliance audits.

The GDPR requires companies to revise and update their privacy policies and to make them clearer and more transparent to EU users.

They will need to clearly specify what personal information is collected, for what purposes it is used and which legal basis supports each purpose.

Apart from justifying their data processing activities, however, companies will also need to take specific technical and organizational measures to ensure the highest level of in-house data protection.

Planned GDPR compliance measures on our platform

As a service provider operating on the European market, we are GDPR-bound by default.

Here is a list of the measures that will come into effect next month in order to ensure GDPR compliance across our platform.

1. Privacy policy updates

A privacy policy has to mirror the given company’s approach to becoming GDPR-compliant.

We are now working on a revised version of the privacy policy for clients and on a brand new privacy policy for resellers, which will clearly specify our legal grounds for personal data processing, as well as all associated individual rights and data protection responsibilities.

2. WHOIS updates

The current public WHOIS system, which is aimed at providing free access to a domain owner’s personal information, is incompatible with the GDPR’s principles.

For that reason, some registries have taken steps to hide the WHOIS details pertaining to the domains they are managing.

Others have decided to give registrants the option to agree to having their personal data exposed online via an explicit consent option on the domain search form.

We are still working on a GDPR compliance model regarding our domain name registrations and will do our best to launch it online prior to the GDPR’s enforcement date.

3. Order form updates

Minor updates will be added to the order form to ensure that customers can consent to specific activities such as receiving newsletters or having their data stored outside the European Union.

4. Reseller hosting platform updates

ResellersPanel’s reseller hosting model is not fully compatible with the GDPR’s data privacy standards.

Following a consultation with data protection advisers and learning from our industry’s best practices, we’ve had to initiate a few important, GDPR-compliant updates to our reseller hosting platform.

Those updates will include:

  • A revision of the List Clients section of the Reseller Control Panel, after which you will see the following per-client information: Username, Type of Service, Date of Purchase and Expiration Date;
  • A revision of the client’s Control Panel when accessed from the Reseller Control Panel via the “Login as reseller” button, after which you will only see information that does not directly or indirectly identify the given client.

In other words, in accordance with the GDPR regulation principles, which come into force on May 25th, you will be able to recognize your customers by the details of the service they’ve purchased rather than by their identity.

5. In-house technical and organizational measures

As mentioned earlier, the GDPR will impose a set of data protection policies that the companies and organizations concerned must comply with.

They will all require a substantial investment of resources in technical and organizational data protection measures for ensuring the utmost GDPR compliance level.

We’ve done our best to create an efficient action plan that will help us implement all the newly required measures right on time.

Among them is the way in which we communicate with the data centers we partner with, to ensure that they provide the necessary data protection levels.

NOTE: We’ll keep informing you on all significant GDPR updates as they get implemented on our platform prior to May 25th. 

  • You’ve done a great job here explaining the changes the GDPR will bring to the RSP platform and what you are doing to get RSP compliant with the GDPR. Thanks!

    From my reading of this, without our having access to the hosting clients’ personal data through the control panel, resellers will not have to register with their respective data authorities as data controllers nor come under the purview of the regulations as data processors as long as our customers sign up through the RSP-provided public order forms. Is this correct?

    It is my belief that if we obtain customers’ personal data through our own activities and sign them up to RSP, we *will* be controlling/processing personal data and must register as data controllers with our relevant data authorities. It is worth mentioning this to resellers in a blog post, I think.

    In respect to the above paragraph, can you confirm whether the above activity is even still possible with the newly designed RSP control panel – i.e. with the new RSP control panel can we, as we are currently able to do, sign up customers ourselves via the control panel entering in their personal data as provided to us? If we create the accounts on behalf of our customers and add the personal data ourselves into the control panel, will this personal data also be visible to us or will it also be hidden? My thoughts are that if we create the accounts on behalf of our customers, since we already hold the personal data, data for the customers we add should be visible in the clients list.

    Thanks for your help.

  • resellerspanel

    Hello. Thanks for your positive feedback! Yes, due to the strict data controlling-data processing requirements imposed by the GDPR, we’ve been forced to limit the personal data access and to take full responsibility for the data processing and protection activities on behalf of all our partners who are using our order forms. This means that if a customer signs up through the order form, you won’t have access to their private data and will not have to register anywhere, as you are not processing personal data under GDPR.
    For now, we don’t plan to stop our partners from manually creating accounts for their customers using both the public order form and the Reseller Control Panel.
    If you are signing up your customers yourself, make sure that you familiarize them with the Privacy Policy and with the special, explicit-consent opt-in box that will be featured on the order form starting from May 25th.
    In any case, once the data has been processed by us, it will be hidden from you, since we’ll take full responsibility for its processing (as explained earlier).

