GDPR new European privacy laws compliance?

Hi there,

Thanks for your question. We are in the process of completing our US-EU privacy shield registration which covers the transfer of data from the EU to the US so there should be no issue with your data remaining on our US servers.

The only personal data we "control" would be that of your billing account. Any data you load onto our servers is 100% yours to control and handle as you see fit. This places us in the eyes of the GDPR as a 'processor' and not a 'controller' as we do not determine what is done with the data on your VPS, you do as a customer. We do not use any data loaded on your VPS and during the process of registering with the Privacy Shield our Privacy policy will be amended to address this specifically for our European customers.

As the GDPR is still very new, and not actually law yet things may change, and I do expect them to as companies across the globe begin to challenge the GDPR in courts but only time will tell for that regard.

 

The GDPR specifically allows for MLAT treaties to be used when requesting the data, without notice being provided to the customer. The US has this agreement with many European countries but not all. This also only deals with PII from members of the EU and not run of the mill data and/or data not concerning EU members so the situations will vary depending upon the target of the data, the request etc. While I cannot give exact numbers, and it doesn't bypass the fact of the GDPR, but we deal with very very few such requests in general, and I can only think of a hand full that would revolve around EU data.

One also has to consider the CLOUD act which has passed in the US. This is what we are waiting on resolution for concerning any GDPR compliance. As it stands, any US company, be it Microsoft, Google, Facebook, Amazon, Cloudflare etc, regardless of where the data is stored around the globe, must disclose it if the criteria of the CLOUD act have been met. This does put sections of the GDPR at direct odds with US law and any company that has headquarters or a significant branch within the US (Basically meaning there's very few companies globally that aren't impacted by this). We expect this to be addressed between the EU and US with a special agreement in this regards but only time will tell.

We do treat our customers data with the utmost respect and our internal policies do align mostly with the GDPR especially as a processor we will continue to evaluate things. I do anticipate the Privacy Shield to be in place before the 25th of May and/or shortly there-after. We'll likely do a forum post or similar and Privacy Shield details will be listed on our website, privacy policy etc.