Liquid Web’s GDPR Compliance: Your Questions Answered!

Posted on by Liquid Web | Updated:
Home > Blog > Solutions > Liquid Web’s GDPR Compliance: Your Questions Answered!

Liquid Web is taking GDPR compliance seriously. Have questions about the upcoming GDPR changes and how Liquid Web is ensuring compliance?

We’re here to help!

The General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR EU 2016/679), which replaced the European Union (EU) Data Protection Directive (known as Directive 95/46/EC), is European privacy law.

The aim of the GDPR is to strengthen data privacy and protection for individuals within the EU, both citizen, and non-citizen, as well as the transfer of EU personal data outside of the EU.

It became enforceable on May 25, 2018.

Q: Is Liquid Web GDPR compliant?

A: Yes! See the answers below for answers to your questions about Liquid Web and GDPR compliance.

Q: To whom does the GDPR apply?

A: The GDPR applies to any organization that processes and holds personal data of EU data subjects, regardless of whether or not the organization is a member of the 27 EU member states. The GDPR also applies to both citizens of the 27 EU member states, as well as any individuals transmitting data outside of the EU while traveling within the EU member states. The United Kingdom is no longer a member of the EU.

Q: What countries make up the 27 EU member states?

A: Here is a list of all 27 EU member states:

  1. Austria
  2. Belgium
  3. Bulgaria
  4. Croatia
  5. Cyprus
  6. Czech Republic
  7. Denmark
  8. Estonia
  9. Finland
  10. France
  11. Germany
  12. Greece
  13. Hungary
  14. Ireland
  15. Italy
  16. Latvia
  17. Lithuania
  18. Luxembourg
  19. Malta
  20. Netherlands
  21. Poland
  22. Portugal
  23. Romania
  24. Slovakia
  25. Slovenia
  26. Spain
  27. Sweden
GDPR Compliance - image of the countries of the EU

Q: As an EU Customer, am I able to host my data outside of the EU under the GDPR?

A: Yes, you may continue to host data outside of the EU as long as your hosting provider demonstrates GDPR compliance.  Liquid Web is Privacy Shield certified to help ensure the proper level of protection for all data that passes through our system.

Q: How does Liquid Web address international transfers of data?

A: Liquid Web complies with EU data protection laws regarding the international transfer of data.  

Specifically, Liquid Web self-certifies under the EU-US Privacy Shield and the Swiss-US Privacy Shield, which address the transfer of data from the EU and Switzerland to the US.  Liquid Web also offers the EU Standard Contractual Clauses to meet the data security requirements for its EU customers.

Q: How does the GDPR affect my contract with Liquid Web?

A: If you determine that the GDPR applies to your company and you are a Liquid Web customer, Liquid Web offers a Data Processing Addendum (DPA) that outlines Liquid Web’s commitment to compliance with the GDPR as the customer’s processor.  

You can download a copy of the DPA via the Liquid Web customer portal which has been pre-signed by Liquid Web. You may also need the list of sub-processors, available on our website.

Q: Is Liquid Web a Controller or Processor?

A: Under the GDPR, a “controller” determines the purpose of the personal data processing while a “processor” processes the personal data on behalf of the controller. Under our customer agreements, Liquid Web is a “processor” and the customer is a “controller.” Liquid Web processes the Customer Data according to a customer’s instructions.

There may also be times when Liquid Web is a “controller.”  For example, Liquid Web acts as a controller when it collects customer data such as account information, registration, or customer contact information to establish a new customer, or to provide customer support.

Q: Does Liquid Web have Sub-processors?

A: Yes. Liquid Web has a list of Sub-processors is available on our website.

Q: If I use Liquid Web’s hosting environment, do I have to comply with data protection laws?

A:  When using Liquid Web’s services, the customer maintains ownership of the Customer Data and controls how such data is accessed and controlled.  Liquid Web has no knowledge of the types of data that a customer stores in our hosting environment. Therefore, all customers are responsible for ensuring compliance with applicable laws and regulations to protect such information.  

Liquid Web - GDPR Compliance

Q: I am an eCommerce retail business hosting with Liquid Web. What should I know about the GDPR?

Q: Does my customer information have to be encrypted? For example, do I have to encrypt stored emails?

A: The GDPR requires that the “processor” maintain appropriate technical and organizational measures for protection of the security, confidentiality, and integrity of personal data.

Q: Do the GDPR laws apply since the United Kingdom has officially left the EU?

A: Yes. The EU has established an adequacy decision for the United Kingdom, which means unrestricted business (no changes) until 2025.

Q: Does Liquid Web hold any security certifications?

A: Yes we do. See the list of all Liquid Web’s Certifications.

Still Have Questions about GDPR Compliance?

Please send any additional questions about the GDPR to privacy@liquidweb.com.