How we moved towards full GDPR Compliance
The General Data Protection Regulation (GDPR) stirred up much commotion, but it finally went into effect on May 25, 2018. Are we ready? You bet.
For all our EU-based customers, partners and friends, we know you need full disclosure on what Plesk has worked on for full GDPR-compliance. So read on to see how this will impact you and your relationship with Plesk going forward.
What is GDPR exactly?
The GDPR is the EU’s new data protection law, introduced to regulate how businesses, like Plesk, obtain and use your personal data. It overrides the former EU Data Protection law (which was, by the way, over 20 years old!) and is thus better able to conform to the ever-evolving web and business world. You can find the full official GDPR text here.
Was there any personal data misuse before?
No, don’t worry, guys! This does not mean we’d been doing anything fishy. It just means that we worked hard to fill in any gaps and improve how we handle your information. The goal was to become fully compliant by the May 25 deadline, and we succeeded.
For users and resellers, using Plesk is GDPR-friendly as we don’t collect much personal data. The only two instances are:
- Plesk admin’s name + email when we issue a trial / commercial license;
- Plesk admin’s email when you subscribe to a Plesk mailing list in your Plesk panel.
Your Consent and Individual Rights
To be GDPR-friendly, we need to adhere to our customers’ individual rights to:
- Be clearly informed whenever consent or data is given
- Access or change your own personal data
- Be forgotten / have personal data deleted
- Restrict processing even if data is stored
- Have data be portable, easily readable and transferable
- Object to the processing of your data, for example, for marketing
- Be notified of any data breach within 72 hours of discovery
The two elements of the GDPR most relevant to us at Plesk are:
- Obtaining your consent to process data, the right way;
- Preserving your rights regarding how we use your data.
Per the GDPR, we’ll ask for your consent to collect and process your personal data in an explicit and verifiable way, with clear information on the why and what.
We chose to do this via a double opt-in system for our subscriptions, so you’ll agree to terms and subscriptions separately and more clearly. There will also be a way to manage or revoke your consent in our systems. Every email has a link at the bottom to access your subscription settings. You may opt in to (or out of) one (or all) newsletters at any time.
New Individual Rights:
The regulation includes the “right to be forgotten”: an option to be taken off any mailing list at any time, and to have your data cleared when that happens.
One step further is “data portability”: you have the right to request your data at any time, in an easy-to-read and transferable format.
GDPR Compliance Checklist for Plesk
Here’s an overview of what Plesk has actioned for GDPR compliance. For further information or if you have any data requests, please refer to [email protected].
✅ Harder internal and external security measures (Updated May, 2018)
We took this opportunity to harden our security measures even further. So there are more layers of encryption and tougher authentication processes.
✅ Login Functionality fully GDPR Compliant (Updated May, 2018)
✅ Less Personal Data (Updated April 26, 2018)
We no longer collect unnecessary personal data from Key Administrator and Partner Central services. So client and reseller accounts will no longer require a Phone number, Fax, Address, City, State/Province, ZIP/Postal Code. We used generic Plesk data instead and ran tests successfully. No partners will be affected by this change.
✅ Data mapping:
We documented which personal data we collect, how, where and why we store it. We’ve then mapped out a GDPR plan of action, based on this research.
✅ Unsubscribe Option:
We already had an unsubscribe link in place for every news or marketing email we sent out. Just wanted to tick that off, because we like ticking list items.
We created and released this comprehensive information, outlining what data we collect – the why, how and with whom we share it. Then how you can access, update, or erase your personal info.
✅ Plesk University Data:
✅ Registration Check Boxes:
✅ Promotional Check Boxes:
We also added a checkbox that allows you to opt in to our promotional emails and quarterly surveys. It’s available on the user registration form and in your Plesk University account properties.
Why is GDPR Compliance important to Plesk?
We want to remind you that one of our core values at Plesk is a complete customer solution and user satisfaction. So know that this need for data privacy and security will remain at the forefront of our minds, from product changes and what we’re building to security enhancements and legal documentation updates.
Meanwhile, we hope we’ve put your mind at ease about this hot topic. We know there’s a lot to read on this page and on GDPR compliance in general. If you’re more the chatting type (we get it, lots of us are here), just drop us a line in the comments below or join the conversation on Facebook and Twitter.