GDPR and Shared Hosting – FAQs
GDPR – the General Data Protection Regulation – came into force on 25 May 2018 and applies to all businesses doing business in, or with, a person in the EU.
Some of our customers' hosting is on shared servers and we have had a lot of questions from them asking whether shared servers conform to GDPR. So, these FAQs are about shared web hosting and GDPR in particular.
Given the high standards and demands of GDPR, it is not unreasonable to ask if there is a need to change your web hosting to be compliant with GDPR. The good news is that Shared Web Hosting is still appropriate and there is no need to upgrade with all the associated additional cost and aggravation that may entail.
There are, however, certain circumstances where it may be advisable to move from shared web hosting.
What is Shared Web Hosting?
Shared Web Hosting is hosting data on any web hosting server that hosts more than one website. The majority of our customers are on a Managed Server and that’s shared web hosting.
What is shared hosting appropriate for?
The simple answer is any website that does not collect and/or process private personal data.
Almost every website has a contact form and if that is the full extent of your data collection, then shared hosting is absolutely fine as far as GDPR is concerned. If you collect more personal information about your contacts or customers, such as you may need in order to provide the goods or services that you offer, then that is the point at which you need to consider upgrading.
Is shared hosting bad?
No! We have plenty of customers who host their websites with us on shared servers, run very successfully and, more to the point, are compliant with GDPR. None of them collect personal or private information about their clients or customers.
What are the disadvantages of shared hosting?
The answer to this could be a long one, but the summary is that if you are running on shared web hosting, then you share an IP address with other websites which are also hosted on the same server.
If the security of the server and/or the websites is weak, it is possible for hackers to use that IP address to find the other sites on the same server and then use that list to help them explore the defences of all the sites on the same server. If you are hosting on a shared server, theoretically your website could be exposed.
We take a huge amount of trouble to keep all our shared servers secure 24 x 7 x 365. Happily, we haven’t had a successful attack to date, but that doesn’t mean that it won’t happen.
If you would like some background reading on the subject, then we suggest that you Google ‘shared web hosting risks’.
When should I move away from Shared Hosting?
If you process ecommerce orders (even if payments are processed elsewhere by a third party), then it’s generally a good idea that this process should not be hosted on a shared server.
If you have a Dedicated Server or a Managed VPS, you can lock down your server and only install the bare minimum that is needed to run your site, which will make it easier to pass any vulnerability testing that you may want to undertake as part of your GDPR compliance process.
How hard is it to upgrade from Shared Hosting to a dedicated server?
It’s really not hard at all! You ask us to upgrade you and we will make it happen!
Assuming that we manage your DNS for you, there’s no problem at all: we can make it happen for you completely seamlessly. If you manage your own DNS, then we will need to coordinate the upgrade, but it should be very painless.
We’re really not lawyers and so we advise you to seek professional advice if you need more information than is here on our website, but we’re very happy to answer GDPR questions to the best of our ability.