Meeting GDPR Compliance

Hello! I say this because it’s probably the only article you’ve read about GDPR compliance that will ever begin with “Hello!”

GDPR is a set of regulations that protect the personal contact information of all residents of the European Union, that take effect on May 25, 2018. It sets forth rules for which companies worldwide must protect how they process and store information about their EU-residing customers, up to and including how those customers’ personal data is to be destroyed on request. Failure to protect the data can be costly, albeit through international litigation. The basic point is, EU-based customers have rights over their personal information, and if you’re a company working with those customers, you need to pay attention, and now, or else.

That sounds a bit dire, but GDPR is here and real. It’s something we all need to talk about, and it’s not something to be feared. Believe it or not, it is to be celebrated and supported. It is a platform from which companies worldwide can learn many lessons from which to ensure their own customers’ personal data is protected, whether they reside within the EU or not.

Since the creation of Canvas Host in 2002, we have endeavored to protect the personal information about all of our customers. From day one, we have held in our minds the notion that each customer is like a member of our family. Each of you have entrusted us with your business and personal data. Since that point, we have always maintained a hard line that we will never sell your data, nor use your data in any way other than to provide you the services for which you have contracted us to deliver you.

In recent months, as GDPR’s launch has approached, our company has reflected on the many things we already do to protect your personal information, and steps we take to further protect your hosting account’s data backups. We’ve taken pride in a strict Privacy Policy, and we have amended it to signify our compliance with GDPR.

As a B Corporation, we go to the ends of the Earth to be an ethical host amidst a sea of swirling uncertainty.

We’ve also resisted the tide towards “all things cloud”, and to this day host 100% of our data within our network and direct control. We do operate a secondary data center space in Bend, Oregon, for the sole purpose of storing and serving data for select customers.

What does that mean towards GDPR?

As a Data Controller and Data Controller, we have legal basis to store and manage your personal contact information. In layman’s terms, because you are a customer, we need to store your name, email address, credit card number, IP address, and so forth, because that is all part of how we are able to provide you service to your hosting account, authenticate you as a paying customer in your hosting account and the Support area, and tell you apart from a random hacker.

It is true that in the “Latest Patch” emails we send to customers, there are links we provide for services and special deals we are running. At the same time, that is solely driven by us. We have not, nor will ever sell or provide your personal contact information to a third party, unless forced by a court order. We treat the protection of your personal contact information extremely seriously.

Because of the global reach of GDPR, we have decided to apply its restrictions to all customers residing outside of the United States. And, if you are a resident of the United States, we will honor your request that we abide by GDPR’s same requirements.

If you are a resident of the EU, we have already unsubscribed you from our Latest Patch newsletter. If you wish to re-subscribe to it, you may do so at this link:

Latest Patch Newsletter Signup Form

If you have any concerns whatsoever about the protection of your personal data, please email and let us know. We are here, we are listening, and we want only to serve your needs as best we can.

Additionally, if you are a EU resident, and you are concerned about your own website visitors’ activities on the site you host with us, please contact us if you need a contract (composed in English) noting how Canvas Host acts to protect your website and its visitors. We understand this is a complex component of GDPR, and are still working to understand the full scope of how this may impact our customers in various countries.

Finally, I want to state this to every single customer: One of GDPR’s requirements is that a company elect a Data Protection Officer (DPO), who regularly reviews the company’s policies to ensure it is meeting compliance, and corrects any lapses in those spaces. Canvas Host is a relatively small team, but I have elected to take on that role. As the company’s founder, and now as the DPO, I want to personally communicate to you my intent, as I have since 2002, that this company is here because of you; We are here to serve you; And we will never sell your data, nor intentionally compromise your privacy.

Canvas Host is the only certified B Corporation web host in the world. GDPR is but a formal set of policies that for many years, we have already upheld, and we are here to learn from it. We are not a perfect business; We are a human business; And together, you have our commitment that we will work to improve what we do, and how we do it.

Thank you,

David Anderson, Founder and Co-Owner

David Anderson

This blog is published by David Anderson, Principal and owner of Canvas Host.