
GDPR and webhosting providers

Hello, some questions

How do EU-registered (and not only) hosting providers handle data deletion requests from clients? I see there is some data retention requested by law, some financial, other for email, etc., to keep for 7-10 years.

How do you handle such requests: do you keep those or delete them, too?

Looks like you are required to keep record logs even for data requests: processing them, storing the details, whether accepted or not.

How do you handle fraud verification? Do you use external services? Is it GDPR safe to do without asking and getting consent from the client to pass data to another company for verification?

Are services like Google or Cloudflare, etc., OK to use for CAPTCHAs or analytics?

Do you need to inform clients if you do not operate your own infrastructure (you are a reseller) and lease another company's hardware? Or do you have to inform clients if you store backups externally and request their permission?

For web domains, do you proxy buyer data or send it, as per WHOIS rules, to the upstream provider?

Billing software like Blesta, WHMCS, etc.: do their developers have access to client data?

Would it be better to not store client info in it and reduce the possibility of leaking it in case of a breach, etc.?
Do any of you store it hashed or anon?

Also, when you send order confirmations by email, do you send client info like name or passwords, etc., in the clear, or do you at least cut some, to not expose data in transit or to the client's email provider? I see some providers exposing the IP address at login or order; is this OK, or can you get fined if a complaint is made?

Have any of you been fined by data protection agencies? If yes, why?

Comments

  • @NeedDeal said: How do you handle such requests: do you keep those or delete them, too?

    All requests are forwarded to /dev/null.

  • aluy Member, Patron Provider

    if you ask i delete

  • @aluy said:
    if you ask i delete

    if you don't ask i don't delete

    Thanked by 2: nghialele, eb1995
  • MannDude Patron Provider, Veteran
    edited July 2025

    GDPR is mostly dumb.

    Intentions may seem good at surface level but I'd say most ignore it.

    We're not EU based nor do we know which of our customers are EU based. With that said:

    • We don't use any 3rd party analytic / tracking / whatever. https://goaccess.io/ is a pretty nifty tool though.
    • We'll delete your account if you ask.
    • Fraud verification is done at the payment processor level. PayPal is better at this than a hosting provider. We don't request PII and don't want to see your ID. I'd avoid any LowEnd provider that requires or requests an ID. Let Stripe/PayPal/whoever be responsible for payment processing and verification of transactions on their platforms. (Hot take, but whatever.)
    • CAPTCHAs are annoying, we try to avoid them but may enable them in certain areas if need be temporarily. (Not 3rd party, though)

    Etc.

  • @MannDude said:

    • Fraud verification is done at the payment processor level. PayPal is better at this than a hosting provider. We don't request PII and don't want to see your ID. I'd avoid any LowEnd provider that requires or requests an ID. Let Stripe/PayPal/whoever be responsible for payment processing and verification of transactions on their platforms. (Hot take, but whatever.)

    Very underrated point, IMO. Less information given to fewer middlemen = better. Wish more hosting providers (and industries) adopted this philosophy.

    Thanked by 3: NeedDeal, MannDude, Rero
  • eris Member

    @MannDude said:
    GDPR is mostly dumb.

    I don't agree with this.. It has a lot of good things but also a lot of terrible things like those stupid consent things..

    • Data breaches are required to be notified
    • Whois data are by default whois protected
    • More protection over what can be done with your personal data

    and so on.

  • Anything, but please stop displaying COOKIE & GDPR, thank you!

  • MannDude Patron Provider, Veteran

    Additionally, > @eris said:

    @MannDude said:
    GDPR is mostly dumb.

    I don't agree with this.. It has a lot of good things but also a lot of terrible things like those stupid consent things..

    • Data breaches are required to be notified
    • Whois data are by default whois protected
    • More protection over what can be done with your personal data

    and so on.

    Sure, it's good on paper and I do agree with many aspects of it. Just meant it's poorly implemented and enforced, and a lot of things seem to be open to interpretation and not exactly clear.

    Thanked by 1: ServerBachelor
  • joelsy Barred

    @aluy said:
    if you ask i delete

    from a user's personal account or from your whole system?

  • Andreix Member, Host Rep
    edited July 2025

    @NeedDeal said:

    How do you handle fraud verification, do you use external services, is it gdpr safe to do without asking and get consent from client to pass data to another company for verification?

    For orders we find suspicious and/or trigger our basic anti-fraud mechanisms, we do ID validation via Stripe Identity.
    They do a very thorough check and if they say it's fraud, it probably is, so we reject that order no matter how many "please sir, I am legit, no rick involved.".

    Regarding deletion, it really depends on every situation. There are also EU and local laws that forbid deletion if certain criteria are met. But that's a thing you should consult with your lawyer, not on LET. :smile:

  • rustelekom Member, Patron Provider

    @nghialele said:
    Anything, but please stop displaying COOKIE & GDPR, thank you!

    Sorry, we can't do that :) It pisses us off, just like any Internet user, but it's a requirement of the law, and it can't be ignored under great, very great penalties.

  • rustelekom Member, Patron Provider

    @ServerBachelor said:

    @MannDude said:

    • Fraud verification is done at the payment processor level. PayPal is better at this than a hosting provider. We don't request PII and don't want to see your ID. I'd avoid any LowEnd provider that requires or requests an ID. Let Stripe/PayPal/whoever be responsible for payment processing and verification of transactions on their platforms. (Hot take, but whatever.)

    Very underrated point, IMO. Less information given to fewer middlemen = better. Wish more hosting providers (and industries) adopted this philosophy.

    It also depends on the local legislation. For example, you cannot register .ru domains without providing personal data (passport, driver's license, etc.). The registrar does not require confirmation of your data, but has the right to request documents for confirmation in future.

  • avsisp Member, Patron Provider

    Having similar laws here as it's based on GDPR (we are an EU candidate), I can tell you how most of it's implemented:

    • Stupid cookie notices everyone.
    • A few extra lines in privacy policy and terms
    • if someone wants this data, you make them pay and export it for them
    • If they ask to delete account and haven't paid anything before - delete it
    • If they have paid, you lock the account and keep the data for a few years in case of chargeback, dispute, etc. as it's a legitimate business purpose and exempt.

    Etc.

    Thanked by 1: eb1995
  • cmeerw Member

    @rustelekom said:

    @nghialele said:
    Anything, but please stop displaying COOKIE & GDPR, thank you!

    Sorry, we can't do that :) It pisses us off, just like any Internet user, but it's a requirement of the law, and it can't be ignored under great, very great penalties.

    Sure you can, if only you wanted. Functional cookies don't need any consent, so all you need to do is stop using any privacy-invading tracking cookies. So why do you choose to piss off your customers then?

    Thanked by 2: tentor, quicksilver03
  • cmeerw Member

    @avsisp said: if someone wants this data, you make them pay and export it for them

    I don't think you are allowed to do that under GDPR (at least not for an initial, basic request)

  • Rero Member

    @ServerBachelor said:

    @MannDude said:

    • Fraud verification is done at the payment processor level. PayPal is better at this than a hosting provider. We don't request PII and don't want to see your ID. I'd avoid any LowEnd provider that requires or requests an ID. Let Stripe/PayPal/whoever be responsible for payment processing and verification of transactions on their platforms. (Hot take, but whatever.)

    Very underrated point, IMO. Less information given to fewer middlemen = better. Wish more hosting providers (and industries) adopted this philosophy.

    Right.

  • Rero Member

    @rustelekom said:

    @ServerBachelor said:

    @MannDude said:

    • Fraud verification is done at the payment processor level. PayPal is better at this than a hosting provider. We don't request PII and don't want to see your ID. I'd avoid any LowEnd provider that requires or requests an ID. Let Stripe/PayPal/whoever be responsible for payment processing and verification of transactions on their platforms. (Hot take, but whatever.)

    Very underrated point, IMO. Less information given to fewer middlemen = better. Wish more hosting providers (and industries) adopted this philosophy.

    It also depends on the local legislation. For example, you cannot register .ru domains without providing personal data (passport, driver's license, etc.). The registrar does not require confirmation of your data, but has the right to request documents for confirmation in future.

    we won't register .ru domains because of that.

    Thanked by 1: ServerBachelor
  • @Rero said:

    @rustelekom said:

    @ServerBachelor said:

    @MannDude said:

    • Fraud verification is done at the payment processor level. PayPal is better at this than a hosting provider. We don't request PII and don't want to see your ID. I'd avoid any LowEnd provider that requires or requests an ID. Let Stripe/PayPal/whoever be responsible for payment processing and verification of transactions on their platforms. (Hot take, but whatever.)

    Very underrated point, IMO. Less information given to fewer middlemen = better. Wish more hosting providers (and industries) adopted this philosophy.

    It also depends on the local legislation. For example, you cannot register .ru domains without providing personal data (passport, driver's license, etc.). The registrar does not require confirmation of your data, but has the right to request documents for confirmation in future.

    we won't register .ru domains because of that.

    No one should register .ru :D

  • rustelekom Member, Patron Provider
    edited July 2025

    @cmeerw said:

    @rustelekom said:

    @nghialele said:
    Anything, but please stop displaying COOKIE & GDPR, thank you!

    Sorry, we can't do that :) It pisses us off, just like any Internet user, but it's a requirement of the law, and it can't be ignored under great, very great penalties.

    Sure you can, if only you wanted. Functional cookies don't need any consent, so all you need to do is stop using any privacy-invading tracking cookies. So why do you choose to piss off your customers then?

    According to our legislation, any information that can determine the user's IP address, location, etc., must be specified in the https://www.robovps.biz/en/privacy.html.
    In any case, our billing software collects all the information and stores it in a database. Therefore, it does not matter what you choose on the website regarding cookies. If you become our customer, your personal data will be collected. For people who are worried about privacy, we offer a choice: they see a cookie notification and can immediately leave the site. We value any choice.

    PS. I meant that such pop-up notices piss off visitors. It seems an annoyance.

  • rustelekom Member, Patron Provider

    @Rero said:
    we won't register .ru domains because of that.

    This requirement applies not only to .ru domains. Many national domains have the same requirements.

  • DrNutella Member
    edited July 2025

    Sir, we did diddly squat, but here is some free lip service.
    This is LowEnd, deadpool incoming.

  • avsisp Member, Patron Provider
    edited July 2025

    @cmeerw said:

    @avsisp said: if someone wants this data, you make them pay and export it for them

    I don't think you are allowed to do that under GDPR (at least not for an initial, basic request)

    You are if your system doesn't have an automated extract system and you have to manually curate the data.

    "If a request is repetitive, clearly intended to cause disruption, or requires a disproportionate amount of effort to fulfill, a fee can be charged."

    The user can already see all their data in their client areas on most hosts. So they can just copy it down themselves. Nothing stops them from doing the same thing the host would do and copy-pasting it to an Excel doc or something.

  • DediRock Member, Patron Provider

    just delete

  • @rustelekom said:

    @Rero said:
    we won't register .ru domains because of that.

    This requirement applies not only to .ru domains. Many national domains have the same requirements.

    No one ever suggested that other countries didn't have their own requirements. :)

  • rustelekom Member, Patron Provider

    @ServerBachelor said:
    No one ever suggested that other countries didn't have their own requirements. :)

    Maybe I'm being paranoid, but I answered your definition: "No one wants to register .ru domains." First of all, it's not true. Secondly, it follows from the context that you have a negative attitude towards .ru domains and everything related to Russia in general. I may have made a mistake, in which case I apologize.
