123 Reg and GDPR: Frequently asked questions
You’ve probably heard a lot about GDPR recently. If you’re still unfamiliar with the issue, you can read a basic guide to GDPR here.
In this article, we’ll be providing the answers to questions you, our customers, have been asking about GDPR and 123 Reg.
Is my website compliant?
Unfortunately, we can’t tell you if your own website or business complies with GDPR. We can provide you with information about our own systems and security in relation to GDPR compliance, but cannot confirm if any other aspects of your website or business comply with GDPR.
For a website when passing personal information from a visitor to your site it must be transmitted securely using SSL and stored safely. You should not leave customer data sitting around, be that on a USB stick in your laptop bag or in a CSV file on your web space.
Where does 123 Reg store data?
The answer to this question depends on which 123 Reg product(s) you use.
Hosting: If you use shared hosting, VPS, WordPress hosting or dedicated servers then the data is stored in our own EU-based data centres. We man these data centres 24/7 and ensure security, from the physical controls stopping unauthorised access within the data centre to the system teams securing the network and platforms.
Email: If you use email hosting, data is stored in our Leeds data centre. We use international web partners to filter your emails for spam and viruses, but these partners do not store any email content.
Office 365: All office 365 data is stored by Microsoft. Please see this guide on the Microsoft website for more information.
Cloud backup: For UK-based cloud backup customers, your data is stored in a UK data centre.
What is 123 Reg’s data policy?
We store data a needed to manage and run customer accounts. 123 Reg is committed to keeping its customers’ data secure, and all data we hold on you is protected by appropriate measures, including encryption.
The only 123 Reg employees who can access your data are those who need to access your data for business, such as our support teams helping you over the phone, and all such access is logged.
In addition to this, all staff who need to access your data have been trained on respecting your rights, and wider data protection issues.
Our full GDPR compliance information will be available in due course.
Can I opt out of 123 Reg marketing emails?
Customers can currently manage which emails they receive from 123 Reg via their account preferences.
In future, customers will be able to decide which communications they receive from 123 Reg when making an order, rather than configuring this via their account after sign up.
Will I need an SSL certificate after GDPR?
If your website has:
- Contact forms
- Order processing/ecommerce
- A logged in area
- A newsletter subscription form
Then it is being used to transmit personal data. Under GDPR, you need to ensure this personal data is protected. A good way to do this is to secure your site with an SSL, which will encrypt all data sent via your website.
Remember, personal information includes something as simple as a name and telephone number.
Please note that Website Builder from 123 Reg does not currently support SSL, but we are working to rectify this.
If you are currently using Website Builder with a contact form, you may wish to disable the form until SSL is available.
What if I have Domain Privacy?
Each domain registry will handle domain privacy differently. Every domain already registered with privacy continues to have the additional protections provided by the privacy service.
Where can I go for more help?
The ICO helpline mentioned above is an excellent resource. The ICO has also produced this guide to help small businesses with GDPR compliance.
You may also want to consider contacting a data protection specialist if you handle a large amount of personal data.