Liquid Web’s GDPR Compliance: Your Questions Answered!

Posted on | Updated:

Liquid Web is taking GDPR compliance seriously. Have questions about the upcoming GDPR changes and how Liquid Web is ensuring compliance?

We’re here to help!

 The General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR EU 2016/679), which replaces the European Union (EU) Data Protection Directive (known as Directive 95/46/EC), is a European privacy law.

The aim of the GDPR is to strengthen data privacy and protection for individuals within the EU, both citizen and non-citizen, as well as the transfer of EU personal data outside of the EU.

It becomes enforceable on May 25, 2018.

Q: Is Liquid Web GDPR compliant?

A: Yes! See the answers below for answers to your questions about Liquid Web and GDPR compliance.

Q: To whom does the GDPR apply?

A: The GDPR applies to any organization that processes and holds personal data of EU data subjects, regardless of whether or not the organization is a member of the 28 EU member states. The GDPR also applies to both citizens of the 28 EU member states, as well as any individuals transmitting data outside of the EU while traveling within the EU member states.

 Q: What countries make up the 28 EU member states?

A: Here is a list of all 28 EU member states:

Austria

Belgium

Bulgaria

Croatia

Cyprus

Czech Republic

Denmark

Estonia

Finland

France

Germany

Greece

Hungary

Ireland

Italy

Latvia

Lithuania

Luxembourg

Malta

Netherlands

Poland

Portugal

Romania

Slovakia

Slovenia

Spain

Sweden

United Kingdom

GDPR Compliance - image of the countries of the EU

 Q: As an EU Customer, am I able to host my data outside of the EU under the GDPR?

A: Yes, you may continue to host data outside of the EU as long as your hosting provider demonstrates GDPR compliance.  Liquid Web is Privacy Shield certified to help ensure the proper level of protection for all data that passes through our system.

Q: How does Liquid Web address international transfers of data?

A: Liquid Web complies with EU data protection laws regarding the international transfer of data.  

Specifically, Liquid Web self-certifies under the EU-US Privacy Shield and the Swiss-US Privacy Shield, which address the transfer of data from the EU and Switzerland to the US.  Liquid Web also offers the EU Standard Contractual Clauses to meet the data security requirements for its EU customers.

Q: How does the GDPR affect my contract with Liquid Web?

A: If you determine that the GDPR applies to your company and you are a Liquid Web customer, Liquid Web offers a Data Processing Addendum (DPA) that outlines Liquid Web’s commitment to compliance with the GDPR as the customer’s processor.  

You can download a copy of the DPA via the Liquid Web customer portal which has been pre-signed by Liquid Web. You may also need the list of sub-processors, available on our website.

Q: Is Liquid Web a Controller or Processor?

A: Under the GDPR, a “controller” determines the purpose of the personal data processing while a “processor” processes the personal data on behalf of the controller. Under our customer agreements, Liquid Web is a “processor” and the customer is a “controller.” Liquid Web processes the Customer Data according to a customer’s instructions.

There may also be times when Liquid Web is a “controller.”  For example, Liquid Web acts as a controller when it collects customer data such as account information, registration, or customer contact information to establish a new customer, or to provide customer support.

Q: Does Liquid Web have Sub-processors?

A: Yes. A list of Liquid Web’s Sub-processors is available on our website here.

Q: If I use Liquid Web’s hosting environment, do I have to comply with data protection laws?

A:  When using Liquid Web’s services, the customer maintains ownership of the Customer Data and controls how such data is accessed and controlled.  Liquid Web has no knowledge of the types of data that a customer stores in our hosting environment. Therefore, all customers are responsible for ensuring compliance with applicable laws and regulations to protect such information.  

Liquid Web - GDPR Compliance

Q: I am an eCommerce retail business hosting with Liquid Web. What should I know about the GDPR?

A: Please see our published article with respect to the GDPR and eCommerce retailers.

Q: Does my customer information have to be encrypted? For example, do I have to encrypt stored emails?

A: The GDPR requires that the “processor” maintain appropriate technical and organizational measures for protection of the security, confidentiality and integrity of personal data.

Q: Will the GDPR laws apply when the United Kingdom leaves the EU?

A: Yes. The U.K has passed the new General Data Protection Act, effective May 2018, to comply with the GDPR so that the United Kingdom may continue to do business with Europe.

Q: Does Liquid Web hold any security certifications?


A: Yes we do. See the list of all Liquid Web’s Certifications.

Still Have Questions about GDPR Compliance?

More Resources:

GDPR is Coming…Is Your WooCommerce Store Ready?

Preparing for GDPR

GDPR: What eCommerce Retailers Need to Know

Please send any additional questions about the GDPR to privacy@liquidweb.com.