GDPR (the General Data Protection Regulation) comes into force on 25 May 2018 and applies to all businesses doing business in or with a person in the EU. We will be posting a number of short blog posts over the next two weeks offering advice on what you need to be doing as a business to get ready for GDPR. This article is about shared web hosting and GDPR. A lot of clients are panicking about GDPR and asking us whether they need to change their web hosting to remain compliant. The good news is that, so far, we have answered about 80% of such questions with a recommendation that Shared Web Hosting is still appropriate and there is no need to upgrade. Below we discuss where we personally feel it may be advisable to move away from shared web hosting, and explain the logic behind that thinking.
Definition: What is Shared Web Hosting?
Shared Web Hosting is any web hosting server that hosts more than one website. For example, if you have rented a Lite Plan from us, or if you have a Managed VPS server from us and host more than one website on that managed server, then it’s effectively shared web hosting: more than one website is sharing the server’s resources. This is very common, and any website costing a few pounds per month will absolutely be on a shared web hosting server.
What sort of websites is shared hosting appropriate for?
Any informational website that does not collect and process private personal data. Obviously you may have a contact form on that website that emails the message to the relevant person; we’re not suggesting such a website needs to move from Shared Hosting. For example, if you have an informational website about your craft business but your online shop is provided off server (on Etsy, for instance), that is absolutely fine for shared web hosting.
Is Shared Web Hosting really ‘that’ bad?
Absolutely not. We have thousands of clients who host their websites very successfully on shared web hosting. It works well for many average websites that do not collect and process private and personal data about their users.
What is the disadvantage of Shared Web Hosting?
This would form a complete blog post in and of itself, so if anyone wants to discuss this further, open a support ticket for our team! In summary, however, with shared web hosting you share the same IP address as other sites. Hackers or bots could use that IP to find all the other sites on the same server using well-known tools (and Google!), and could use that list of sites as an attack vector to start probing sites for weaknesses. Hosting on a shared server could therefore expose your site as being on a particular server. We do take steps to keep our shared servers secure and it’s rare that a site has a problem, but there is a greater risk of problems with shared hosting. A simple Google search for ‘The risks of Shared Web Hosting’ will give you some bedtime reading!
When should I move away from Shared Hosting?
If you are collecting personal private data from your clients, such as from an online shop where you process orders (even if payments are processed off server at a third-party website), it’s generally recommended in the industry that this is not hosted on a shared web server. With a Managed VPS or Dedicated Server you can completely lock down your server, installing only what is needed to run your website (rather than the larger set of tools that shared hosting needs to run multiple websites). This makes it more likely that you will pass any penetration testing or vulnerability testing that you may want to have done on the server processing the data in order to comply with GDPR (we can help with that too!).
Isn’t a Managed Server Expensive?
We’ve a special Single Account Server Offer for any client looking to move their website off of shared hosting onto a private server.
We’re not lawyers, so if you have any questions about GDPR compliance we always advise you to seek professional advice, but we’re more than happy to answer any general questions as to our understanding of the new law.