{"id":24157,"date":"2017-02-27T08:45:46","date_gmt":"2017-02-27T14:45:46","guid":{"rendered":"https:\/\/wpengine.com\/?p=24157"},"modified":"2021-08-30T23:34:00","modified_gmt":"2021-08-31T04:34:00","slug":"interview-hosting-data-protection-danny-dagan-10up","status":"publish","type":"post","link":"https:\/\/wpengine.com\/resources\/interview-hosting-data-protection-danny-dagan-10up\/","title":{"rendered":"Interview: Hosting And Data Protection With Danny Dagan Of 10up"},"content":{"rendered":"

Our guest blog post today is by Danny Dagan (@E_D_Dagan<\/a>), a Senior Web Strategist at a leading WordPress agency 10up<\/a>. Danny graduated from Birkbeck Law School, University of London, and has written a dissertation about the new EU data protection regime. As part of his role at 10up, he works with clients on large-scale, mission-critical digital projects, often having to consider how organisations can protect the personal details of their customers in a compliant way.<\/p>\n

WP Engine takes data protection seriously, both in our compliance efforts and the ways in which we secure all user data through encryption and other best practices in security. To that end, we\u2019ve recently established a governance, risk, and compliance team within our security organization to address compliance-related activities. Given the responsibility to secure the data of EU citizens and residents, we asked Danny to share his perspective on four data protection questions we hear frequently from customers.<\/p>\n

Q: Your company hosts personal data of EU citizens and residents in your country. Do you have to store these in the country of those citizens and residents (for example, does data of Dutch citizens need to be stored in the Netherlands only)?<\/strong><\/p>\n

A: You do not have to store personal data of your users in their own country. As long as this data is stored with the EEA (that is, any European Union Country + Iceland, Liechtenstein and Norway), then you are compliant. The law on the protection of personal data in the EU has been harmonised for many years, and will become even more so when the new EU data protection regime comes into force in May 2018. The idea is that because the law is the same for all EU countries, it allows the free movement of personal data between these countries, protected by the same rules.<\/p>\n

Q: Can you store the data of EU citizens and residents outside the EU?<\/strong><\/p>\n

A:\u00a0You can, but this is a complex area that requires you to do a little bit of homework because it depends on the country and the hosting company you work with. The underlying principle is that the data you store should be hosted and processed to a standard that, in the very least, conforms with EU legal requirements. There are several methods of achieving this, the most common of which are:<\/p>\n

a. By hosting customer details in one of the countries that the EU deems has \u2018adequate\u2019 protections for personal data. The list is fairly short, and currently includes: Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Jersey, New Zealand, Switzerland and Uruguay.<\/p>\n

b. By using standard contractual terms approved by the EU that effectively mandate the hosting company you work with complies with EU data protection rules.<\/p>\n

c. In the USA – you need to ensure your hosting company is signed up to the Privacy Shield framework (the new system that replaced \u2018Safe Harbour\u2019). Note that there are currently some legal challenges to the Privacy Shield, but at the time of writing it is still your best method to ensure you can host customer data in the US.<\/p>\n

Overall, your best bet is actually to host your customer data in the EU. If you have mixed US and EU customer-base and would like to host your data in the US, check with your hosting provider that they have registered with the Privacy Shield programme.<\/p>\n

WP Engine says: WP Engine is registered under Privacy Shield and has data centre locations across Northern America, Europe and Asia. It also has a Governance, Risk and Compliance team who are able to provide guidance on specific client requests.<\/p>\n

Q: I hear there is a new data protection law in the EU. How will it affect my company?<\/strong><\/p>\n

A:\u00a0The new EU Data Protection Regulation will come into effect across the EU on 25 May 2018. It will tighten standards and responsibilities of companies in how they treat the personal data of individuals. Some noteworthy aspects of the new law:<\/p>\n