Bluehost Web Hosting Help
What is the GDPR?
GDPR is short for the General Data Protection Regulation that goes into effect on May 25, 2018. It was passed by the European Parliament to create a harmonized data privacy law across member states of the European Union (EU). Its purpose is to support privacy as a fundamental human right and therefore give EU residents rights over how their personal data is processed or otherwise used.
What is considered personal data?
The GDPR defines personal data as '... any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, or online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person'.
Additionally, the GDPR notes that online identifiers can constitute personal data. The GDPR explains, '... natural persons may be identified with online identifiers which are provided by:
- Protocols, such as IP (Internet Protocol) addresses
- Cookie identifiers (and similar web tracking technologies)
- Radio Frequency Identification (RFID) tags (the Internet of Things)
How does this affect me?
Individuals, companies or businesses providing services to EU residents need to comply with this law. To the extent you collect EU residents' personal data (including the collection, processing, storage or transmittal of such data), GDPR requires you to comply with its terms by May 25, 2018. If you are an EU resident, this law will apply to your personal data in your bluehost account.
What rights does the GDPR provide to EU residents?
The rights of an EU resident under the GDPR, and how you can exercise those rights with respect to bluehost, are:
- Right of access: You, or your customer, can ask us what personal data is being processed (used), why and where.
- Right to be forgotten: If you, or your customer, need to cancel your bluehost account at any time, we will permanently remove your account and all information associated with it.
- Right to restrict processing: If you, or your customer, believe your personal data is inaccurate or collected unlawfully, you may request limited use of your personal data.
- Right of portability: We provide you with the ability to move any of your account data to a third party at any time.
- Right to object: If you, or your customer, decide that you no longer wish to allow your data to be included in our analytics or for us to provide personalized (targeted) marketing content at any time, you may contact us to request removal of this data.
Bluehost.com will provide the necessary mechanism to comply with requests from you, and support you in fulfilling GDPR requests from your customers.
What is bluehost doing to comply with the GDPR?
Bluehost.com has been compliant with GDPR since May 25, 2018. This included work "behind the scenes," such as reviewing and updating our agreements, policies, internal processes, features and templates to assure our compliance.
What do I need to do differently to be compliant with the GDPR?
There are two parties that have accountability for dealing with personal data, the “controller” and the “processor.” The “controller” defines the means and purpose of the use of personal data and the “processor” only acts on the behalf of what the “controller” has instructed and processes personal data for them.
Please understand that both you and bluehost have obligations and requirements for GDPR compliance.
As an EU consumer of bluehost services?
Usually, bluehost is a controller in relation to the personal data that you provide to us as a customer. Also, from May 25th, we will not publish the personal data of domain name registrants located in the EU in the WHOIS. This is to ensure our WHOIS output is compliant with the GDPR.
However, access to personal data of domain name registrants may be granted when such access is necessary for technical reasons such as for the facilitation of transfers, or for law enforcement when it is legally entitled to such access.
As a business owner that may have EU customer data?
In certain circumstances, you are acting as the controller, for example, when you decide what information from your contacts or subscribers is uploaded or transferred into your bluehost account. This means you will have some additional obligations around such things as data subject rights. We urge you to understand this and seek legal advice where you think necessary.
Our TOS require you to lawfully obtain and process all personal data appropriately. You will need to continue to do this to be compliant with the GDPR.
What if I have additional questions?
If you, or your customers, have any additional questions, please do not hesitate to contact us:
Recommended Help Content
Registration Data Access Protocol (RDAP)
Starting on August 26, 2019, the Registration Data Access Protocol (RDAP) will be a new protocol available that provides WHOIS details for generic top-level domains (gTLDs) (e.g., .com, .net).
Hotlink Protection Setup
How do I setup Hotlink Protection?
What Is Domain Privacy Protection? GDPR Domain Masking and Whois Privacy
WHOIS Domain Privacy for domains registered with Bluehost
Related Help Content
Unable to Load Data INFILE/OUTFILE
I get permission denied errors when I try to run certain commands in mysql.
I need to protect the /images folder to not show images when people type in the correct URL like www.mydomain.com/images/ to protect from prying eyes.
Email Troubleshooting General
General Email issues where should I start?
How To Transfer Domain Name To A New Registrar
This article explains how to prepare your domain to be transferred from Bluehost to a new registrar. You'll initiate the transfer itself with the gaining registrar, but there are a few things you can do to ensure the process goes smoothly.
MySQL dump of tables only no data
I would like to dump the Table Structure for my MySQL Database, but none of the data.
Clean up WordPress Meta Data
This article will explain how to clean up meta data in a WordPress database.
Any time DNS is updated, it can take up to 48 hours for those changes to take effect. This period of time is called propagation, and it applies to any and all DNS updates. This article will explain what propagation is and why it's important.
Transfer Domain Ownership
In December 2016, ICANN implemented a few amendments to their Transfer Policy. In addition to regulating inter-registrar transfers for general top-level domains (gTLDs), the updated policy sets new requirements for domain tr