How Plesk has moved towards full GDPR Compliance

How we moved towards full GDPR Compliance

The General Data Protection Regulation (GDPR) stirred up much commotion, but it finally went into effect on May 25, 2018. Are we ready? You bet.

For all our EU-based customers, partners and friends, we know you need full disclosure on what Plesk has worked on for full GDPR-compliance. So read on to see how this will impact you and your relationship with Plesk going forward.

DISCLAIMER: We’re no GDPR authority and don’t claim to be a legal or official source. We simply want to let you know what we’re up to regarding this topic.

We’ve now completed our GDPR Compliance updates. You can find the last notifications here.

What is GDPR exactly?

The GDPR is the EU’s new data protection law, introduced to regulate how businesses like Plesk obtain and use your personal data. It overrides the former EU Data Protection law – which was, by the way, over 20 years old – and is thus better able to conform to the ever-evolving web and business world. You can find the full official GDPR text here.

Was there any personal data misuse before?

No, don’t worry, guys! This does not mean we’d been doing anything fishy. It just means that we worked hard to fill in any gaps and improve how we handle your information. The goal was to become fully compliant by the May 25 deadline, and we succeeded.

For users and resellers, using Plesk is GDPR-friendly as we don’t collect much personal data. The only two instances are:

  1. Plesk admin’s name + email when we issue a trial / commercial license;
  2. Plesk admin’s email when you subscribe to a Plesk mailing list in your Plesk panel.

Your Consent and Individual Rights

To be GDPR-friendly, we need to adhere to our customers’ individual rights to:

  • Be clearly informed whenever consent or data is given
  • Access or change your own personal data
  • Be forgotten/delete personal data
  • Restrict processing even if data is stored
  • Have data be portable, easily readable and transferable
  • Object to the processing of your data, for example, for marketing
  • Be notified of any data breach within 72 hours of discovery

The two elements of the GDPR most relevant to us at Plesk:

  1. Obtaining your consent to process data, the right way;
  2. Preserving your rights regarding how we use your data.

Informed Consent:
Per the GDPR, we’ll ask for your consent to collect and process your personal data in an explicit and verifiable way, with clear information on the why and what.

We chose to do this via a double opt-in system for our subscriptions, so you’ll agree to terms and subscriptions separately and more clearly. There will also be a way to manage/revoke your consent in our systems. Every email has a link at the bottom to access your subscription settings. You may opt in to (or out of) one (or all) newsletters at any time.

New Individual Rights:
The regulation includes the “right to be forgotten”: an option to be taken off any mailing list at any time, and to have your data cleared when that happens.

And one step further, “data portability”: you have the right to request your data at any time, in an easy-to-read and transferable format.

GDPR Compliance Checklist for Plesk

Here’s an overview of what Plesk has actioned for GDPR compliance. For further information or if you have any data requests, please refer to [email protected].

Harder internal and external security measures (Updated May, 2018)
We took this opportunity to harden our security measures even further. So there are more layers of encryption and tougher authentication processes.  

✅ Login Functionality fully GDPR Compliant (Updated May, 2018)
We also require opt-in at every stage of data collection, and we’ll inform you at every instance how and why we’re using this data and provide a link to our privacy policy.

Privacy policy reviewed and renewed (Updated May 24, 2018)
Not only that, but we also revisited Support and Forum privacy policies, and created university and cookie statements.

✅ Less Personal Data (Updated April 26, 2018)
We no longer collect unnecessary personal data from Key Administrator and Partner Central services. So client and reseller accounts will no longer require a Phone number, Fax, Address, City, State/Province, ZIP/Postal Code. We used generic Plesk data instead and ran tests successfully. No partners will be affected by this change. 

Data mapping:
We documented which personal data we collect, and how, where and why we store it. We then mapped out a GDPR plan of action based on this research.

Unsubscribe Option:
We already had an unsubscribe link in place for every news or marketing email we sent out. Just wanted to tick that off, because we like ticking list items.

New Privacy Policy for Plesk University:
We created and released this comprehensive information, outlining what data we collect – the why, how and with whom we share it. Then how you can access, update, or erase your personal info.

Plesk University Data:
We informed users who didn’t review and accept the Plesk University Privacy Policy that from May 20, 2018, we’ll remove all personal data for which we have no explicit consent, meaning user accounts along with course progress and certifications. Please provide the required consent before May 20 if you’d like to preserve your Plesk University account and continue using it.

Registration Check Boxes:
We added a Privacy Policy check box to our registration form and into your Plesk University account properties. Registration in Plesk University now requires reviewing and accepting the Privacy Policy.

Promotional Check Boxes:
We also added a checkbox that allows you to opt in to our promotional emails and quarterly surveys. It’s available on the user registration form and in your Plesk University account properties.

Why is GDPR Compliance important to Plesk?

We want to remind you that one of our core values at Plesk is a complete customer solution and user satisfaction. So know that this need for data privacy and security will remain at the forefront of our minds, from product changes and what we’re building to security enhancements and legal documentation updates.

Meanwhile, we hope we’ve put your mind at ease about this hot topic. We know there’s a lot to read on this page and on GDPR compliance in general. If you’re more the chatting type (we get it, lots of us are here), just drop us a line in the comments below or join the conversation on Facebook and Twitter.

About

Elvis Plesky
Our fun and curious team mascot's always plugged into the latest trends. He's here to share his knowledge and help you solve your tech problems.
Showing 3 comments
  • Mark Muyskens

    Did any notifications go out to Plesk University users? I found this link via the forum but those that are less active may be surprised when their certificates get removed….

    • Debbie from Plesk

      Hey Mark, indeed they will have an email notification shortly – if they haven’t already! Thanks for your comment 🙂

  • Tom

    What about anonymization of IP addresses in logfiles and statistics?
