GDPR for dedicated Server

fullfatdesigns · Mar 25, 2018

Hi

I've been reading up on GDPR to advise our client on changes to their websites, but I'm after peoples view on what we need to do on our server.

We have a dedicated server with about 20 websites on which back-ups to Amazon S3 every night (keeps 2 weeks worth). The whm/cpanel is on a https and if all the sites are switched to https (some are anyway), is there anything else I need to put in place?

Just after peoples views as I couldn't seem to find any guide for the actual server, just what to do on the websites.

Thanks
Wayne

Infopro · Mar 25, 2018

This new blog post may be of some use to you:
General Data Protection Regulation and cPanel | cPanel Blog

fullfatdesigns · Mar 25, 2018

Brilliant, thank you. I'll check it out. I didn't think to search the main site, only searched the forums.

james1985 · Mar 28, 2018

The blog doesn’t really explain how to make a cPanel server GDPR compliant unless I missed something?

Do you have a full rundown of tweaks and changes that need to be made to comply with the legislation passed some time ago??

I was under the impression that all backups need to be encrypted where stored?

Also I feel the email system is lacking security, for example if a cPanel login was compromised, you can easily click and view peoples emails in cPanel? Shouldn’t the email system be more secure? Even against server admins, Ask for the password? Even encrypted? A lot of personal information can be held in emails, with cPanel, one click and you can see all emails in plain text In webmail.

Many Admin teams as we know are located outside the EU and with the new legislation bringing in the tightening of data leaving the EU, is it possible to help secure clients data on the server from such security risks?

cPanelMichael · Mar 29, 2018

Hello @james1985,

Here are a couple of quotes from the blog post related to how you can approach GDPR compliance for your own company:

Where can I get more information about GDPR and my compliance obligations?
The GDPR itself is here. The European Union has created an information portal here. A number of companies provide consulting services that help with different aspects of your compliance process. While cPanel doesn’t recommend any particular approach to GDPR compliance, your lawyer or regulatory advisor may be able to point you to resources that are helpful.
Click to expand...

How does cPanel & WHM facilitate compliance with GDPR?
cPanel & WHM is intentionally a highly configurable software product. Because every customer’s determination about what is required for it to become GDPR compliant is unique, there is not a particular way that our products create compliance with GDPR, or any other law or regulation. We are committed to working with our customers and partners to understand how their compliance activities are facilitated by our products, and ways our products can help them reach compliance.
Click to expand...

As far as encrypted backups and emails, those are not direct features offered with the cPanel & WHM product at this time, but you can find discussion of such features with potential solutions at:

Backups - encryption of backups (symmetric and asymmetric)
Email storage encryption

Thank you.

lorio · Apr 11, 2018

james1985 said: ↑

The blog doesn’t really explain how to make a cPanel server GDPR compliant unless I missed something? Do you have a full rundown of tweaks and changes that need to be made to comply with the legislation passed some time ago??
Click to expand...

The GDPR is not 100% the same in every European country. Local law can overrule same passages. cPanel Inc. has to first ensure they get their stuff right (e.g what gets transmitted from every cPanel/WHM installation towards cPanel Inc.). The most complex thing seem to be able to export everything you saved about person and hand it over to that person at any point. That is the right of every user hitting a server.

The most basic thing cPanel could offer would be a tool, which removes IPs from logs. Or shortens IPs or replaces IPs with hashes.
E.g. scripts like this https://www.privacyfoundation.ch/en/services/anonip.html

You can see such tools around web analytics tools for years to be in compliance with certain European countries. GDPR makes the IP address a personal data of the user (even when the IP is assigned dynamically via the ISP of a user).

You will see more and more threads here in the future.
E.g. GDPR and Statistical Analytics

European webhosting companies which base their business on cPanel or other controlpanels will need to invest more time to customize the setups or demand features.

cPanelMichael · Apr 11, 2018

lorio said: ↑

The most basic thing cPanel could offer would be a tool, which removes IPs from logs. Or shortens IPs or replaces IPs with hashes.
Click to expand...

Hi @lorio,

Thank you for taking the time to provide us with feedback on this topic. I encourage you to open a feature request for this at:

Submit A Feature Request

Note that our feature request website is currently undergoing maintenance, but should resume functioning soon.

Thank you.

DennisMidjord · Apr 11, 2018

lorio said: ↑

The most basic thing cPanel could offer would be a tool, which removes IPs from logs. Or shortens IPs or replaces IPs with hashes.
E.g. scripts like this Anonip | Swiss Privacy Foundation
Click to expand...

Is this really required now? Should the IP be removed from the log files?
Seems like a very bad idea.

Forums

The Community Forums

Interact with an entire community of cPanel & WHM users!

GDPR for dedicated Server

fullfatdesigns Active Member

Infopro cPanel Sr. Product Evangelist
Staff Member

fullfatdesigns Active Member

james1985 Member

cPanelMichael Forums Analyst
Staff Member

lorio Well-Known Member

cPanelMichael Forums Analyst
Staff Member

DennisMidjord Well-Known Member

GDPR and Statistical Analytics

Migrating VPS to Dedicated Server question

Prevent Unparked Domains Resolving on Dedicated IP

SOLVED Running Cron Job with Dedicated IP Address

If a reseller uses a shared IP dedicated to him..

Share This Page

Useful Searches

The Community Forums

Interact with an entire community of cPanel & WHM users!

GDPR for dedicated Server

fullfatdesigns Active Member

Infopro cPanel Sr. Product Evangelist Staff Member

fullfatdesigns Active Member

james1985 Member

cPanelMichael Forums Analyst Staff Member

lorio Well-Known Member

cPanelMichael Forums Analyst Staff Member

DennisMidjord Well-Known Member

GDPR and Statistical Analytics

Migrating VPS to Dedicated Server question

Prevent Unparked Domains Resolving on Dedicated IP

SOLVED Running Cron Job with Dedicated IP Address

If a reseller uses a shared IP dedicated to him..

Share This Page

Infopro cPanel Sr. Product Evangelist
Staff Member

cPanelMichael Forums Analyst
Staff Member

cPanelMichael Forums Analyst
Staff Member