Hosting Provider

[Graham Marcroft]

Good Morning All,

I have a question and would really love to hear the views of all here (well as many as would like)

As a hosting provider, who specialise in hosting digital agencies, we have contracts with our Digital Agencies, they then in turn have contracts with their customers, but we host their customers sites.

Should I have a separate GDPR contract with all of the digital agency's customers? or would you say I just need a contract with the digital agency?

I would REALLY love to hear the advice

Thanks

Graham

 

[Hitesh Mistry]

Hi Graham

I'd just have contracts with the Digital agency.

The Digital Agency should be making their customers aware of where data is stored, 3rd party processes etc

As long as you can demonstrate that you are GDPR compliant, you can pass this on to your customers

Take a look at GDPRTracker.co.uk for more info

Hitesh

 

[Simon Plummer]

This is pretty straight forward. Sounds to me here, for the hosting services/activities you are nothing more than a processor for your customers. In turn, your customers are either a processor for THEIR customers or a controller. Either way, you are processing information for them, therefore they need to tell you lawful basis for processing, retention requirements, security controls, geographical location etc etc.

Our approach at present is to contact our customers (the controllers) sending them a questionnaire to bottom all that out. If they fail to respond, we have to (legally) cease processing the data they are responsible for. Likewise for them, if they are not the controller, they need to obtain this and cascade to you.

Regarding the contracts, this is between you and your customers only. I suggested an addendum to your current contract, clarifying controller/processor, roles and responsibilities etc.