Comments
US will not arrest me and ship me to EU for renting a server there and not complying with EU regulations. That's what legal obligation means: being in a place where I can be held physically accountable for the laws in question. I'm not, I can't, therefore it's not my obligation. Just in case you're confused as to what a legal obligation is. Broken record is what this conversation is though, for real. You come to this understanding in a thread and then repeat the misunderstanding again every few months. It's awkward :P
It's the client's obligation and choice. They have the information needed to make it.
I recommend mailcheap. I can't get much more friendly than to recommend my amazing competitor. Pavin is great. Give him your money. Let this be a moment not to tear me down, but to build him up. He should be the one featured here, not me. I'm struggling to maintain, he needs to grow. I'd love for him to get some more attention, he deserves it.
Incorrect. Simply because you have infrastructure in the EU does not mean you must comply with GDPR.
They do trade with EU customers too, I personally doubt that their customers are US/CA based only:
http://www.salaxy.com/wp-content/uploads/2017/10/GDPR-one-pager_IT-Governance.jpg
Missing it entirely. The EU customers may need the US company to comply, the company does not. A US company can have EU customers without any legal obligation to the EU. No such treaty exists. The customers would be in violation of local ordinances, not the company.
I don't understand why this is so hard for people to understand. What if Afghanistan has laws requiring something of website owners? Do you feel like you have a legal obligation in their country if their citizen visits your website? Of course not, that's stupid. The visitor has the obligation to their government or their government has the obligation to block your website. If they really care that much they can get your government to sign a treaty to hold you accountable or they can declare war and invade to arrest you.
This is so basic I feel like I'm teaching school children. For as much as they care about privacy they must have some shit education standards over there. Maybe that's why they need privacy laws, they can't expect anyone to know what the hell they're doing when signing up for anything because they can't even figure out what a damn border is.
Having EU customers is irrelevant. You should take a look at the actual law itself.
https://gdpr-info.eu/art-3-gdpr/
Then read https://iapp.org/news/a/what-does-territorial-scope-mean-under-the-gdpr/
This article does a good job of explaining what the definition of ‘offering’ means, and you can see for yourself MXRoute.com doesn’t meet the criteria to be classed as offering services to EU citizens.
Just to add: A hosting provider will generally fall under those two scopes of GDPR:
• "Data Controller" - you harvest, possess and process billing-related data
• "Data Processor" - you store data of clients (client files, databases, emails)
GDPR compliance should not be a problem for small hosting providers. The GDPR document is relatively long, but easy to understand (no legal mumbo jumbo inside). Around one half of the document doesn't apply to providers anyway.
Just some notes:
WHMCS 7.5 does a lot of things for you. Client data export, data retention automation (deleting inactive clients), etc…
These are just some points of GDPR, this list is definitely not exhaustive nor legal advice.
Not at all. Email Hosting is @Jarland's business. SMTP Relay is mxroute.io's.
Btw mxroute.io billing system, WHMCS is heavily integrated with MailChannels. Everything, really. WHMCS part is sorted, I'll have a new website soon. Same design but more extended.
i choose mxroute because it's a US company. not a company within my country. mxroute doesn't have to obey the requests from the country i reside in.
i'm not having any highly classified emails in my inbox but i still prefer it this way.
@Jailand ?
would countries that are not part of the 'EU' be less motivated to do business with EU citizens because of GDPR? that's a random thought that popped up.
Yes.
Personally, myself I'm not immediately concerned. Maybe enterprise businesses will but I would assume most startups and small businesses won't. Majority of my business comes from the United States, some from EU, but not significant enough for me to care yet.
As for now @mailcheap seems to be the only email hosting provider here on LET that is GDPR compliant. Best option for now.
I also share @jarland's opinion that Pavin is a great person and has built a very reliable mail service.
Anyway I think @mailcheap still have to make some changes on their website and have some kind of GDPR article on their blog or terms of service, so we as clients can have a written doc proving the details and terms on how they meet GDPR.
As said before, GDPR is not only having WHMCS. It takes many more things, including having a DPO, a protocol for the way internal client data is handled and stored (yes, all those files we save and keep on our computers and local backups). It takes a lot to be GDPR compliant.
Thanks! We got some minor additions to make, namely laying out how long we retain data for (and why), but past that I think our privacy policy covers most things pretty well.
Francisco
No it does not address this - WHMCS 7.5 didn't bring an additional feature to have an additional consent for your privacy policy/data policy, WHMCS' GDPR blog post says that you should use the Terms of Service requirement that has been in WHMCS since forever, and then link to your privacy policy in your ToS.
However - this is legally not allowed since it wouldn't be a separate consent which is required by GDPR.
A DPO isn't strictly required, most small companies won't have to get a DPO.
GDPR requires an explicit consent but I don't believe it must be necessarily separate from the ToS.
I do not think so either, what he meant was that you can't link another document (read: the privacy policy) from the actual terms of service, you'd have to set up for example rules.html that needs to be ticked from WHMCS that'll include both the terms and the privacy policy from the same actual page. Correct me if I'm wrong, just trying to figure out how maybe both of you are right.
@nqservices Thank you for the mention. I have updated the FAQ (& ToS) with an EU GDPR compliance section.
Regards,
Pavin.
Having read the GDPR, I don't think I encountered anything which would prevent me from having Terms of Service and Privacy Policy on one page, linked together.
So.. how will you ask for the explicit consent when WHMCS doesn't offer the option? What I did was to create a custom field, but what surprises me, is that WHMCS didn't add an actual option to a privacy policy/data policy link, to actually get the explicit consent.
Sure, you can put it on the same page - but you'd still have to ask consent for privacy policy and ToS - so keeping them on separate pages would kinda make sense anyway.
At the same time, the consent you ask should be to a page that is written in awesome, "easy to understand"-language - generally when looking at most providers, the ToS is what contains all the legal wording that no one really understands anyway, so it would be "odd" to find legal worded text and non-legal worded text within the same page.
At first, a Treudler vps is at least compliant with the new regulation. It will disappear from Earth's face in seconds, so, all the data will be secured (gone).
Of course, for the first part of your sentence, a Treudler VPS is compliant only if you don't have any need to keep any data at all...
^^ This. The new regulation does not apply to all businesses. There are different cases with different needs, let's say, if you have a company with less than 250 employees, if you hold data only as a phone book (e.g. journalists), if you have an e-store or if you are a big ISP. A quick look at the regulation can determine if a company does have to get a DPO, or comply in an easier way.