Hello, I am starting a web hosting company as a reseller for a company that is renting its servers from Google and other cloud providers. The company has the ability to log in and see my customers' information if they wanted, but they have told me and promised that they would never do that.
What documents will I need to write in order to be compliant with GDPR? I have heard about Data Processing Agreements, Privacy Policies, Cookie Policies, and many more, but I don't know which ones I will need.
I am also wondering if I have to write the name of the company that I am a reseller of. I don't want my customers to know that I am a reseller. Is it, for example, possible to write that we are often changing providers and that the client should contact us to get the correct information? In that way, I would minimize the risk of them finding out.
1. What documents will I need to write in order to be compliant with GDPR?
You can find the list of documents required by GDPR in this article:
- List of mandatory documents required by EU GDPR: https://advisera.com/articles/list-of-mandatory-documents-required-by-eu-gdpr/
2. Is it for example possible to write that we are often changing providers and that the client should contact us to get the correct information?
I wouldn’t recommend this approach. As a web hosting company, you should act as a data processor for your customers. Thus, in the Data Processing Agreement, according to Article 28 GDPR - Processor, you must mention what sub-processors you use and what they do exactly with your customers’ personal data. According to Article 13 GDPR - Information to be provided where personal data are collected from the data subject, your customers, acting as data controllers, must inform data subjects about the processors they are using. Since there would be only one web hosting company – yours – it wouldn’t make sense to mention a category.
Please also consult these links:
- Article 13 GDPR - Information to be provided where personal data are collected from the data subject: https://advisera.com/eugdpracademy/gdpr/information-to-be-provided-where-personal-data-are-collected-from-the-data-subject/
- Article 28 GDPR – Processor: https://advisera.com/eugdpracademy/gdpr/processor/
- List of mandatory documents required by EU GDPR: https://advisera.com/articles/list-of-mandatory-documents-required-by-eu-gdpr/
- EU GDPR controller vs. processor – What are the differences?: https://advisera.com/eugdpracademy/knowledgebase/eu-gdpr-controller-vs-processor-what-are-the-differences/
- A summary of 10 key GDPR requirements: https://advisera.com/eugdpracademy/knowledgebase/a-summary-of-10-key-gdpr-requirements/
Oct 20, 2022