These days we are receiving a lot of questions from clients asking if CyberHour will be GDPR-compliant. With this forum post, we would like to clarify what we have been doing and share what we have learned about becoming GDPR-compliant, both as a way to let you know what you can expect from us in the next days, before May 25, 2018, and as a way to help you prepare for the GDPR yourselves.
The usage of our personal private data by big companies is without a doubt the hottest topic right now, and we think virtually no one doubts the importance of regulations to protect against abuse and enhance the security of that personal data. The European General Data Protection Regulation - GDPR, which will take effect on May 25, 2018, is making an effort to do exactly that - regulate how personal data of individuals in EU territory gets collected and used. It defines what personal data is - being literally every little thing - from name, email, username, address, phone number, financial data, age, behavioural data and more, and obliges everyone who collects and processes such data of EU individuals, no matter where that company or person is located around the world, to act in accordance with this regulation.
CyberHour started the process of becoming GDPR-compliant about two years ago and we completely look forward to it being enforced. We think the GDPR is good for users and good for the overall security of the Internet and we have always been acting in line with its main principles. Now our end goal is to review and make public these internal rules, and also make sure we apply the letter and the spirit of the GDPR to all our clients, no matter if you are an EU resident or a resident of another country.
GDPR Allows Users To Stay Informed And Gives Them Control Over Their Personal Data
The GDPR is a fantastic thing when you look at it from the viewpoint of the users. When a user registers for a paid or free service, for an app etc., and provides their personal data, the service provider has to notify them clearly how their personal data will be used well before they complete the registration. Regardless of whether that use is for profiling and marketing, or if there is a possibility of the data being subject to sale or transfer to third parties, it has to be clearly stated upfront. Users will have the ability to say NO to certain types of usage and will have to give consent - opt in - to the Terms of Service and Privacy Policy of the provider, thus making an informed choice. So, big win for the users - more control over their data, less invasion of their privacy, less spam and less intrusive advertising overall!
The Hard Bureaucracy Around The GDPR
The GDPR by design aims to regulate the activities of big companies like Google and Facebook that process insane amounts of personal data and use it to generate significant gains, but at the end of the day it affects everyone - every small business that works with any personal data. Even if a company uses data in a completely legitimate way, the new regulation requires specific modifications like rewording its Privacy Policy to state explicitly what kind of usage there is, automating how the user can access their personal data, and more. Unfortunately, this effort to comply is costly in legal fees, time and deviations from standard business operations so that one can focus on the GDPR with high priority.
CyberHour Getting Ready For The GDPR
In compliance with the GDPR, a hosting company like CyberHour has two responsibilities - to protect the personal data we collect from our clients upon registration (name, email, address, password, billing data) and the data our clients collect from their clients and host on our servers during their usage of our services. We have to guarantee that we collect, store and work with our clients’ data in a legitimate way and that our clients are informed how exactly we do that. On the other hand, we have to provide sufficient guarantees and undoubted transparency as a processor on the way we store the data our clients host on our servers on behalf of their clients.
(Not that we have ever disclosed or sold our customers' data to 3rd parties for gains.)
Even though CyberHour has always been acting in accordance with the principles of the GDPR, there is still work to tidy up the processes we follow and comply with the letter and spirit of the law. So here is a list of the major things we are going through and why they matter.
1. Terms Of Service And Privacy Policy Updates
The GDPR states that we have to explain to clients what data we collect about them and legitimize how we use it afterwards. The fantastic news is that we collect only the minimal set of personal data that is required to deliver the hosting service. For example, we collect your physical address for invoicing and tax purposes. We don't collect your credit card data but only the PayPal transaction number because we need to track the payment upon purchase. We collect your email because we need to contact you regarding your orders, the status of the services, important functionality updates and, where you have consented to receive such communications, contact you with newsletters and promotions (generally we send emails rarely, since we hate spam regardless of the reason). We use cookies because they help us show relevant content to our website visitors and advertise based on these interactions. We don’t use any of the data collected for profiling or other secondary purposes and we do not sell it to anyone.
As per the GDPR requirements, our new Privacy Policy will fully describe why and how we collect and process personal information and any client, existing or new, would be able to validate that we handle this information carefully and sensibly.