GDPR-compliant hosting

GDPR-compliant hosting is easiest to achieve when you choose web hosting from a European company that has its own servers located in Europe.

Tip: With Klarned, you’re fully GDPR compliant!

Since the active enforcement of the GDPR (General Data Protection Regulation), it’s crucial to know who can access your site and customer data, and how this access is secured.

The GDPR does not allow data processors of personal information to originate from non-European countries. This applies throughout the entire chain, even if the provider you use is based in the EU (such as the Netherlands or Germany). If their services are hosted on servers owned by non-EU companies, you are no longer fully GDPR compliant.

Even when using an EU-based provider, you must ensure that your website connection is secured with a certificate (this gives you “https” in your address bar). While this doesn’t prevent hacking altogether, it significantly reduces the risk that the data your visitor enters into a form is intercepted en route to the server.

What does GDPR-compliant hosting mean for you?

A processor is anyone who can process data or potentially has access to do so. This includes the party responsible for server maintenance or, for example, managing server backups. In short, when it comes to websites, this refers to the web hosting provider and any additional services you offer.

Additional services for a website may include:

  • Email (Gmail)
  • Email list (Mailchimp)
  • Backups (Dropbox)
  • Your online CRM / DRM / bookkeeping

Let’s take a closer look at your website itself. Your site likely contains more personal data than you think!

What personal data is stored or processed on my website?

Personal data refers to any information that is (entirely or partially) unique to an individual. This includes things like an email address, an IBAN bank account number, a phone number, a photo, an IP address, or a postal address. The list is quite extensive. So, if your website includes a contact form, a discussion forum, an e-learning platform, a webshop… then you are already processing personal data.

You are not allowed to store personal data on AWS/Amazon, Linode, DigitalOcean, Microsoft, Google, or similar server services. Even if they have servers located in Europe, it is not permitted under GDPR. Also be cautious with website backup services — many of these are provided by American companies.

Also be careful with web hosts that are based in the Netherlands or elsewhere in the EU but rent their servers from non-European providers.

If you’re highly technical, you could choose to encrypt your (backup) data on your own PC or server before uploading it to such providers – but this comes with its own risks and responsibilities.

The solution is GDPR-compliant hosting by Klarned.

Because:

  • All our server and network hardware is fully owned by us
  • We are not part of a parent company and operate completely independently
  • We provide a data processing agreement, which is a standard part of our terms and conditions
  • All our servers are located in the Netherlands and/or the EU within our own private cloud setup
  • All websites are secured by default with an extremely strong certificate using at least ECC 256-bit algorithms
  • Backups are stored on our own hardware, in the Netherlands
  • Your data is never shared with non-EU companies — for example, we don’t use Mailchimp for our mailing lists, but MailerLite instead