Hosting

If you are hosting your own website on your own equipment, then you are the Data Controller and need to be compliant with GDPR if processing personal data.

Ask your web hosting provider whether they are providing the service as part of a reseller account.  If they are then this can add an extra complexity to the legal requirement under the GDPR.  Why? Well it adds another level into the Data Controller, Data Processor relationships :-

Website ‘Operator’ – Data Controller.

Reseller : Data Processor acting on behalf of the Data Controller above and Data Controller in their own right operating the reseller business account with a Data Processor acting on their behalf actually hosting the site.

If the agency or developer who designed the site on your behalf is also hosting or maintaining the site for you then the same applies as reseller hosting:-

Website ‘Operator’ – Data Controller.

Agency/Developer : Data Processor acting on behalf of the Data Controller above and Data Controller in their own right operating the their business with a Data Processor acting on their behalf actually hosting the site.

If the organisation hosting your wesbite is not a self, reseller or agency hosting company and own their own data centre(s), there is likely to be a one to one relationship so far as the GDPR is concerned:-

Website ‘Operator’ – Data Controller.

Data Centre Hoster : Data Processor acting on behalf of the Data Controller above, Data Controller for their own business.

If you are using a ‘Cloud’ provision to host your website then you will need to find out under which scenario the hosting is being provided.

Additionally as you cannot identify which country the site is hosted in, you will need to ensure that the ‘Cloud’ is in a compliant ‘region’.

Many of the larger providers have got on board with the GDPR and offer the choice of data centre region as opposed to specific country your site will be hosted on.

If in doubt, check you settings now and ask about changing region if it’s non-compliant.