GDPR GDPR requirements for hosting providers

[tallship]

The more I read the less I think I understand about the requirements particular to hosting and IT providers.

Do hosting providers running WHMCS need to register and [more than likely] pay ICO a data protection fee?

From the checklist located here: https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/controllers-checklist/

And here's the specific language:

Quote

 

After May 2018 you need to pay the ICO a data protection fee.

If you have already registered with the ICO in the last year prior to May 2018, you only need to pay the fee once your current registration expires.

There are three different tiers of fee. Controllers are expected to pay between £40 and £2,900. The fees are set by Parliament to reflect what it believes is appropriate based on the risks posed by the processing of personal data by controllers. The tier you fall into depends on:

* how many members of staff you have; * your annual turnover; * whether you are a public authority; * whether you are a charity; and * whether you are a small occupational pension scheme.

 

Aside from this, What we've done so far is to enable the opt-in/opt-out capabilities in WHMCS 7.5, and we're preparing to add a couple of items to our  privacy policy and terms of service related to:

• The ability to opt-in and opt out of marketing emails at will, by the customer.
• The ability to have all user data deleted, as per the GDPR, with the proviso that such a request amounts to a request for immediate cancellation request of all services, due to the inability to connect to, or manage any services once the user account has been removed.

Much of what appears to be required flies in the face of requirements elsewhere for us to retain data for the purposes of income taxes, receipts, invoices, etc. There's just no way to delete the majority of a customer's information without also removing the ability to comply with US tax codes pertaining to the retention of receipts and transactions which is required for documenting taxable income, deductions, etc.

Does someone have just a few simple things we need, as a standard hosting company, to implement in this regard?

[jayjay]

@tallshipCame across this thread as I have the same question - did you end up finding out if the data protection fee is a must even with WHMCS?

[CodeCo]

Consultant a lawyer for accurate information. I'm not a lawyer. 

That said, you'll need to pay the ICO data protection fee if you're a UK company handling personal data, which WHMCS does.