GDPR compliance?

rmws

Hi All,

I'm surprised I see nothing about GDPR (well searched but 0 hits).

Since DA keeps log files, we, as hosting companies, need to explain what info is kept (which is in most cases just IP addresses), who can access it and for how long it's kept. Also for backups (if something is set up) you need to explain this (think of a database with personal information).

What's DA's take on this?

Thanks!
 
Hello,

You as admin configure how long to store logs and who can access it. Defaults are:

- 5 days retention for web-logs, rotated and stored under user's homedir domains/domain.com/logs/
- system logs are rotated weekly by default and 4 copies are kept.

Webserver Logs do not contain passwords, but only usernames, URLs, IPs, referers, user agents.


Backups, user passwords, and other things possibly related to GDPR: https://www.directadmin.com/search_versions.php?query=gdpr
 
You are right, as an admin you are responsible for what data you gather and keep. The DirectAdmin web control panel is on your server(s). As a hosting company you should get a processor agreement with (all) your clients (users). There are a lot of things you need to set up to get full compliance with the new GDPR.

But DirectAdmin itself, when selling its software to EU citizens, needs to move forward to GDPR compliance. For example a cookie policy, a correct privacy policy, a DPO manager, etc.
 
They write here: https://www.directadmin.com/policies.php

Visitors to our website (all pages within the directadmin.com domain) enjoy complete privacy when browsing our pages. We do not track visitor activity with cookies nor retain any specific information about visitors. IP addresses and pages viewed are logged for statistics purposes, but none of this logging activity can reveal information about a specific visitor.

- Need more information?


You can e-mail questions to [email protected]


So please feel free to write to them and request all the needed details.
 
It is not in my interest, but the European privacy rules (GDPR) are clear. When a website stores personal data from EU citizens, which happens when someone buys a license, the website stores data such as name, email, telephone, address, etc.

If DirectAdmin wants to know more (I am willing to assist them), they can contact me.

In short an explanation of the GDPR:

What does GDPR mean in practice?
The GDPR offers European citizens a number of extra rights when it comes to their data.

Companies are obliged to ask their customers for data in a clear and accessible way. As a customer you have the right to require an organization to delete your data when you request it. You can request information about how and why your data will be processed. You can also request a copy of your data from the company in a machine-readable format, so that you can transfer it to another company.

If an organization discovers that there is a data breach, it must immediately make a report to the Protection Authorities. This duty to report does not change with the new legislation. However, the possible fines have changed considerably.

Who is involved in GDPR?
Every organization that processes the data of Europeans has to deal with it. No matter where in the world the company is located. Even if a company has no offices in Europe and employees have never set foot on our continent, if they have EU data, they must play according to EU rules from May.

When does it start?
The GDPR is effective from 25 May 2018.

What happens if companies do not keep to the rules?
Organizations that violate the GDPR rules do not just get a knock on their fingers; there are serious potential punishments. A company that does not comply with legislation risks a fine of up to 4 percent of the annual worldwide turnover (i.e. not only income generated in Europe) or 20 million euros, whichever is higher.
 
Bureaucratic heaven.

GDPR is complete nonsense. They torture regular good businesses and do nothing to prevent criminals who sell personal data.

GDPR is only done to make more work for the bureaucrats and to give the governments "a hammer" for killing uncomfortable small businesses. That's GDPR.
 
Sorry to disagree. Thank Facebook, Google and others, that are continuously misguiding their customers.

As a hosting provider we are not thrilled about it, but as a consumer I think it's good. This is for sure not optimal, but without laws we are sitting ducks.
 
1. The sale of personal data on the black market was illegal before and it continues to be illegal now. There's no difference.

2. The "compliance" means that bureaucrats will go to companies to examine their infrastructure and server topology. That means that companies are now exposed to potential espionage (in case you don't think that the government agents are Angels of course).

3. Even after a complete audit, nobody can stop any company from secretly collecting and storing personal data. No bureaucrat can stop that - I promise. Sources of potential leaks are so many that it's impossible (unless the bureaucrats themselves host and process the data, which is of course nonsense). Now look at point 1.

So from the corporate viewpoint, we have:

- Criminals will continue to be criminals and will do illegal things just like before;
- Regular honest companies will be attacked by bureaucrats.

Now on your point - consumer. OK, now I will have a few features:

1. I can "download my data". This is cool indeed - I like it; however it has nothing to do with security so far;
2. I can "request my data to be deleted" and the company is obliged to grant it. Guess what - I can oblige nobody to delete my data from the black market in the Tor network. Yes, my Facebook profile can disappear (just like it was possible before). Cool, but whatever. It does not fix the main issue. It's just another feature which many systems already had. And it is a feature that will break the normal workflow of regular honest services (it gives the option of forgetting the crimes of consumers - think about it, criminals can now wipe out their traces).
 
You as a "Consumer" have the right to know and see what they do with your DATA, and it is only allowed if you agreed.

But as it always was.
They will go on with that bullsh. If someone notices this, they say sorry, we didn't know, it is a software bug/failure and so on (so sharing and doing things that are not so pleasant with your DATA).

Also everyone knows you could do a lot of kinds of anonymous things with data but it is still possible to connect the info to a person (or group), only not that clear in a simple overview / check. (The BIG companies have had too much time to be prepared and now they are doing it this way. ;)

Better are stricter LAWs for basic rights, such as the "right to equal treatment", and high fines...

While your personal data is not equal-treatment proof (DIGITAL discrimination is still going on, and will be even worse in future).
Simple examples: you connect with a poor man's speed connection to a site, they take notice, and you get only offers that are for ...
You connect to an insurance site from an area/region with more health problems; what do you think the offer (for a health policy), if there is one, will be?
 