The General Data Protection Regulation influences how website data is collected and stored. Learn how GDPR affects your website and how Sucuri approaches GDPR compliance in our website security products.
The General Data Protection Regulation (GDPR) sets out to create new rules for how all European residents’ data must be handled. GDPR replaces the previous 1995 EU Data Protection Directive.
GDPR came into effect on May 25th, 2018. This data regulation strengthens the rights that individuals have regarding their personal data and seeks to unify data protection laws across Europe, regardless of where that data is processed.
GDPR compliance isn’t just for European companies. GDPR applies to businesses of all sizes, no matter where you or your company is based. Yes, this also includes any Reseller users who are hosting European customers.
If you offer products and services to customers located within Europe, GDPR applies to you.
The GDPR definition of data is as follows:
“Any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
Examples of this type of data include:
This data must be protected whether you share this information digitally, in written form, or if you speak to another individual with access to the data.
You are. If you’re an enterprise business, an online newsletter, or a brick-and-mortar shop, you’re responsible. If you are a corporate officer or run administrative tasks, you’re responsible. Everyone in the organization is responsible for maintaining this standard to ensure there are no potential breaches or compliance failures.
More importantly, you'll share in the responsibility if the organization or business fails to meet the GDPR standard.
There are two tiers of fines that can be levied as penalties:
There are many requirements in place to ensure you are following the new standard accurately.
We’ve documented a couple of steps that you can take to get started with GDPR compliance. This list should not be considered comprehensive and we recommend consulting with a legal team for your organization’s needs if you’re uncertain of the scope.
Our globally distributed team has worked carefully to ensure that Sucuri’s products and services meet the requirements set forth by these new regulations. Measures we’ve taken to accomplish this include:
Sucuri has always taken privacy very seriously. At the core of our privacy and security policy, we believe that data which does not exist cannot be tracked, stolen, or compromised.
We collect only the data necessary for business and security purposes and store the minimum amount of Personally Identifiable Information (PII) in our proprietary systems and cache, which already puts us ahead of GDPR guidelines.
By generating an API key in the plugin, Sucuri collects and stores the email address you provide, as well as a copy of the audit logs generated by the server. This data is stored on Sucuri’s servers, and you may retrieve the audit logs using the same email address at any time.
Please email GDPR@sucuri.net if you have any further questions about how Sucuri handles Personally Identifiable Information (PII).