For most companies, becoming GDPR compliant was a difficult task to accomplish. In the web hosting industry, when you factor in how much data a hosting provider stores in multiple data centers and for clients all over the world, the road to GDPR compliance can seem insurmountable. Our clients tell us that the leading issue most hosting companies run into when becoming GDPR compliant is how they deal with their clients’ account backups. To tackle this difficult task, you must ask yourself some difficult questions:
Do you have encrypted backups to secure your clients’ data?
Do you have automated processes in place to delete all client backups once they have canceled their hosting service?
Do you provide your client with an automated “right to be forgotten” tool right from within their cPanel account?
Do you have separate log files dedicated to GDPR-related actions (such as when and how you complied with a “right to be forgotten” request) that are retained for multiple years?
If you are like most hosting providers, your answer to the majority of these questions is “no”. Before you give up, let’s spend a few minutes talking about some of the new features we have created in our cPanel backup software, JetBackup. It may come as a surprise, but JetBackup software CAN handle all of these difficult tasks and more for you with ease, and have you well on your way to complete GDPR compliance!
If you are running a cPanel server with account backups, your backup strategy and implementation are likely NOT GDPR compliant UNLESS you have JetBackup installed with GDPR mode turned on. When it comes to GDPR compliance, there is simply no other cPanel backup software that has closed the GDPR compliance gap like JetBackup!
Here is a quick overview of JetBackup’s GDPR settings within the WHM:
The hosting provider will then set the number of days before the backups of terminated hosting accounts are removed from the destination server (GDPR backup retention policy):
Here is a quick overview of JetBackup’s GDPR settings from within cPanel:
The hosting client can then choose whether they want regular backups or encrypted backups. If the client chooses encrypted backups, they then have the option to keep their encryption key local on the server so the hosting provider can assist with the restore of a backup OR download a remote encryption key, which will be required in order to restore a backup. Finally, the client has the choice to enable “The Right to be Forgotten” option, which will automatically delete all his backup data within the number of days set by the hosting provider after his hosting account has been terminated:
Lastly, the client will be provided with his encryption key that he must re-enter to successfully save these changes on his account: