For most companies, becoming GDPR compliant was a difficult task to accomplish. In the web hosting industry, when you factor in how much data a hosting provider stores in multiple data centers and for clients all over the world, the road to GDPR compliance can seem insurmountable. Our clients tell us that the leading issue most hosting companies run into when becoming GDPR compliant is how they deal with their clients’ account backups. To tackle this difficult task, you must ask yourself some difficult questions:

 

Do you provide your clients an easy way to view your User Agreement, Privacy Policy and Backup Destination Information as well as record their agreement to the policies?

 

When you update your User Agreement, Privacy Policy or Backup Destination location information do you have a way to force clients to agree once more to these policies?

 

Do you have encrypted backups to secure your client’s data?

 

Do you have automated processes in place to delete all client backups once they have canceled their hosting service?

 

Do you provide your client with an automated “right to be forgotten” tool right from within their cPanel account?

 

Do you have separate log files dedicated to GDPR related actions (such as when and how you complied with a “right to be forgotten” request) that are retained for multiple years?

 
 
If you are like most hosting providers, your answer to the majority of these questions is “no”. Before you give up, let’s spend a few minutes talking about some of the new features we have created in our cPanel backup software, JetBackup. It may come as a surprise, but JetBackup software CAN handle all of these difficult tasks and more for you with ease, and have you well on your way to complete GDPR compliance!

If you are running a cPanel server with account backups, your backup strategy and implementation are likely NOT GDPR compliant UNLESS you have JetBackup installed with GDPR mode turned on. When it comes to GDPR compliance, there is simply no other cPanel backup software that closes the GDPR compliance gap like JetBackup!
 

Here is a quick overview of JetBackup’s GDPR settings within WHM:

 
The hosting provider will add their User Agreement, Privacy Policy and Backup Destination Information into these 3 fields for display to their hosted clients:
 

 
 
The hosting provider will then set the number of days before the backups of terminated hosting accounts are removed from the destination server (GDPR backup retention policy):
 


 
 

The hosting provider will be prompted with this question after they change the GDPR User Agreement, Privacy Policy or Backup Destination Information. They can require the client to agree to the modified terms, as well as suspend future backups until the client has agreed to the terms:
 

Here is a quick overview of JetBackup’s GDPR settings from within cPanel:

 

The hosted client will be prompted to agree to the hosting provider’s User Agreement, Privacy Policy and Backup Destination Information (location of data) from inside their cPanel account:
 

 
The hosting client can then choose whether they want regular backups or encrypted backups. If the client chooses encrypted backups, they then have the option to keep their encryption key local on the server so the hosting provider can assist with the restore of a backup OR download a remote encryption key which will be required in order to restore a backup. Finally, the client has the choice to enable “The Right to be Forgotten” option, which will automatically delete all his backup data within the number of days set by the hosting provider after his hosting account has been terminated:

Lastly, the client will be provided with his encryption key that he must re-enter to successfully save these changes on his account:

The GDPR Mode feature is available on JetBackup’s Edge Tier (version 3.3.2 and greater). JetBackup makes complete GDPR compliance an achievable task. Install JetBackup on your cPanel server today to instantly activate a 10-day free trial license!