GDPR Mail Hosting - Alternatives to MXRoute.com?

Hi all,

Saw on a tweet that MXroute.com will not be fully GDPR compliant yet. So, with GDPR law becoming active on 25 May, it’s time to look for an email hosting alternative to serve European clients.

I know that meeting GDPR is in some cases very hard. For example, your company has to have a person responsible for being the DPO (data protection officer) and many other things like the live systems, backups, DNS, domain registrar, whois, internal office docs handling and storage, etc…

To sum up, GDPR is no joke, and being compliant is not just a matter of using WHMCS…

As for now, these are the alternatives I’m considering:

@mailcheap – I have contacted their support and they confirmed that they already are GDPR compliant. That is great news and seems the best option for now considering price/quality.

@rackspace – Rackspace already has a page confirming they will be GDPR compliant: https://www.rackspace.com/gdpr

@ovh – OVH will meet GDPR and they also already have a page describing:
https://www.ovh.com/fr/blog/protection-donnees-ovh-fait-evoluer-conditions-generales-de-service-gdpr/

Any other advice?

Comments

  • mxroute.io is not an email hosting provider. They only provide email relay services.

    Thanked by 1 MikePT
  • If you're considering the "will meet" and "will be" providers, maybe consider mxroute.com too (Reference: https://www.lowendtalk.com/discussion/comment/2735207/#Comment_2735069). @MikePT can provide further details.

  • @ThracianDog said:
    If you're considering the "will meet" and "will be" providers, maybe consider mxroute.com too

    I'm saying this because on the official @mxroute twitter they posted just 3 days ago that they will not support GDPR:

  • I was not aware that plans have changed. Thanks for the added information, @npservices.

  • Clouvider Member, Patron Provider

    You’d need that in writing to be sure of your own compliance though. This should be clearly stated. There’s no room for misunderstanding.

  • @Clouvider said:
    You’d need that in writing to be sure of your own compliance though. This should be clearly stated. There’s no room for misunderstanding.

    Do you mean I have the right to request from the provider a written document confirming that they are GDPR compliant? Also I think the provider has to have a dedicated page/URL informing of their GDPR practices and also update Terms and Conditions. Correct me if I'm wrong.

  • Harambe Member, Host Rep

    Clouvider said: This should be clearly stated. There’s no room for misunderstanding.

    One should assume that all US companies aren't going to follow EU regulations, unless they explicitly state that they do.

    There are no mentions on the MXRoute site, or in terms of service, about GDPR - and they tweeted that they will not be complying with the law of another country. Not sure how much more info people want.

    nqservices said: Do you mean I have the right to request from the provider a written document confirming that they are GDPR compliant? Also I think the provider has to have a dedicated page/URL informing of their GDPR practices and also update Terms and Conditions. Correct me if I'm wrong.

    You can request whatever you'd like, but you're dealing with a company who does not have to comply with the laws of your country. Those sound like terms an EU business needs to follow, not the rest of the world.

  • Clouvider Member, Patron Provider

    @nqservices said:

    @Clouvider said:
    You’d need that in writing to be sure of your own compliance though. This should be clearly stated. There’s no room for misunderstanding.

    Do you mean I have the right to request from the provider a written document confirming that they are GDPR compliant? Also I think the provider has to have a dedicated page/URL informing of their GDPR practices and also update Terms and Conditions. Correct me if I'm wrong.

    Well, right or not, if they want to retain your business you need to be sure they are really claiming they are without a doubt.

    Yes, GDPR compliance would normally require a fit and proper privacy policy that is OK with the new laws. The policy doesn’t need to mention GDPR however.

  • jar Patron Provider, Top Host, Veteran
    edited April 2018

    @Clouvider said:
    You’d need that in writing to be sure of your own compliance though. This should be clearly stated. There’s no room for misunderstanding.

    Aye, this is why I wanted to focus on stating that I won't be for those asking (mxroute.io will). I might be, but it won't be a specific intention. If my values and standards match a foreign law, great. If not, won't worry much.

    I just prefer to be in control of my own business and standards, can't keep up with the laws of other nations. Happy to have anyone from anywhere, regardless. Equally happy to see people go where they need to, no hard feelings.

    Judging by how many people here speak up about seedboxes for "Linux ISOs" I never took this for a community of fully compliant and law abiding citizens so what you aren't saying to your government that I have no obligations to, I'm certainly not either :)

  • GSuite is GDPR compliant now

    Thanked by 1 Clouvider
  • Harambe Member, Host Rep

    doghouch said: GSuite is GDPR compliant now

    That's Analytics, not GSuite, but yes - I assume Google would be in full GDPR compliance considering they have multiple EU facilities and probably make some good money from EU companies.

    The "right to be forgotten" stuff with search is funny though, just pop open a US VPN to get the uncensored search results. Results are only hidden for EU visitors.

  • Clouvider Member, Patron Provider
    edited April 2018

    Harambe said: Clouvider said: This should be clearly stated. There’s no room for misunderstanding.

    One should assume that all US companies aren't going to follow EU regulations, unless they explicitly state that they do.

    There are no mentions on the MXRoute site, or in terms of service, about GDPR - and they tweeted that they will not be complying with the law of another country. Not sure how much more info people want.

    Aye, I agree. One shouldn't assume a US based business is. Hence why I have recommended confirming in this specific case, as it was implied that the situation may be changed but not really, by Mike I think. One cannot assume their compliance based on a forum post. This should really be made a contractual obligation if one is serious about compliance. EU business has a lot to lose in case they are found non-compliant with the new rules. The penalties are quite severe.

    I'm not pointing fingers. Not implying US business has to follow the EU law. I'm just clarifying since, for example, @ThracianDog here, was under the impression that this stance has changed, nothing more.

    Thanked by 3 Harambe jar FHR
  • deank Member, Troll

    EU is good at killing small businesses, eh.

  • mikho Member, Host Rep

    There is office365 and Exchange Online.

  • AnthonySmith Member, Patron Provider

    Nice to see a productive conversation around the subject.

    Thanked by 2 Zerpy Voss
  • Zerpy Member

    @deank said:
    EU is good at killing small businesses, eh.

    Depends - smaller businesses tend to have a smaller data footprint and ways of acquiring data - meaning it's easier to "map" your sources of data, and limit the scope of how data is acquired.

    The legal aspects of DPAs are indeed annoying and "cost" money to get developed (now, the great thing is that most governments issue examples or "templates" of generic DPAs that will be perfectly valid to use).

    Mapping data sources for a small company shouldn't really be complicated - if it's complicated, it's the small company's own fault, if they made a "mess" from the beginning, it will be harder to comply - but it's like that with everything.

    Transparency which is one of the key elements of GDPR isn't exactly hard when you know your data sources.

    You're saying they're killing small businesses - that's always debatable I guess - GDPR is a lot less complicated for smaller companies than big ones - we do not require a DPO unless exceeding X employees, or if we handle very specific data. People should design with security in mind in the first place - and to be fair, if companies actually already followed the previous data protection laws we had in Europe and individual member states, then complying becomes a lot more simple.

    In the Netherlands we've had a similar data protection law as GDPR the last two years - so complying with GDPR is mainly having the additional consent, the right to be forgotten and data portability.

    There are certain business types that will have a harder time complying, maybe due to lack of technical knowledge - but it's like that with all laws, there are always things certain businesses are really good at, and really bad at :-)

    GDPR is a big thing, various governments have already made statements they won't go out on May 25th to fine everyone that doesn't comply, but rather work together with companies (small and big) to improve on things that can be improved, and maybe be left with "warning" or lifted finger.

    They do know very well, that working together with people is a lot better than fining them :-)

    Now, it made me happy to see during the testimony with Zuckerberg yesterday that the US wants to push a similar bill to GDPR in Congress that would require more transparency in an "easy to understand" language.

    GDPR is about transparency and data security towards customers... Why does everyone think it's so bad?

    Thanked by 3 Shazan exiust jvnadr
  • @Harambe said:

    doghouch said: GSuite is GDPR compliant now

    That's Analytics, not GSuite, but yes - I assume Google would be in full GDPR compliance considering they have multiple EU facilities and probably make some good money from EU companies.

    The "right to be forgotten" stuff with search is funny though, just pop open a US VPN to get the uncensored search results. Results are only hidden for EU visitors.

    Derp, I just had a chat with them. Wrong pic tho :(

  • charlie Member, Host Rep

    Hello,

    Because we are a company in EU, we meet (and will meet) GDPR requirements.

  • AnthonySmith Member, Patron Provider

    @charlie said:
    Hello,

    Because we are a company in EU, we meet (and will meet) GDPR requirements.

    I just took a look at your site, you're not even remotely compliant.

    Thanked by 4 BlaZe Voss Aidan lazyt
  • angstrom Moderator

    @nqservices said: Saw on a tweet that MXroute.com will not be fully GDPR compliant yet. So, with GDPR law becoming active on 25 May, it’s time to look for an email hosting alternative to serve European clients.

    (The following isn't addressed to you in particular.)

    Nothing wrong with the GDPR per se, but I find it odd, from a pragmatic point of view, that the introduction of the GDPR should lead to a crisis of trust in mxroute.com. I mean, any customer of mxroute.com has already decided to trust mxroute.com with their data (personal + emails). I don't see how the introduction of the GDPR should affect that trust. If one didn't trust mxroute.com to begin with, then one shouldn't be using mxroute.com, independently of the GDPR. If one does trust mxroute.com, then the introduction of the GDPR shouldn't affect this trust -- at least, I don't see why it should.

    Furthermore, why focus just on mxroute.com? There are a number of non-EU providers on LET (buyvm, ramnode, etc.). Are they all going to conform to the GDPR?

  • AnthonySmith Member, Patron Provider

    angstrom said: (The following isn't addressed to you in particular.)

    Nothing wrong with the GDPR per se, but I find it odd, from a pragmatic point of view, that the introduction of the GDPR should lead to a crisis of trust in mxroute.com. I mean, any customer of mxroute.com has already decided to trust mxroute.com with their data (personal + emails). I don't see how the introduction of the GDPR should affect that trust. If one didn't trust mxroute.com to begin with, then one shouldn't be using mxroute.com, independently of the GDPR. If one does trust mxroute.com, then the introduction of the GDPR shouldn't affect this trust -- at least, I don't see why it should.

    Furthermore, why focus just on mxroute.com? There are a number of non-EU providers on LET (buyvm, ramnode, etc.). Are they all going to conform to the GDPR?

    I thought this too however I got the impression that this was a business requirement for the OP who already has active mxroute services to have end to end GDPR given the productive conversation which is fair enough.

    Thanked by 2 FHR exiust
  • angstrom Moderator

    @AnthonySmith said:

    angstrom said: (The following isn't addressed to you in particular.)

    Nothing wrong with the GDPR per se, but I find it odd, from a pragmatic point of view, that the introduction of the GDPR should lead to a crisis of trust in mxroute.com. I mean, any customer of mxroute.com has already decided to trust mxroute.com with their data (personal + emails). I don't see how the introduction of the GDPR should affect that trust. If one didn't trust mxroute.com to begin with, then one shouldn't be using mxroute.com, independently of the GDPR. If one does trust mxroute.com, then the introduction of the GDPR shouldn't affect this trust -- at least, I don't see why it should.

    Furthermore, why focus just on mxroute.com? There are a number of non-EU providers on LET (buyvm, ramnode, etc.). Are they all going to conform to the GDPR?

    I thought this too however I got the impression that this was a business requirement for the OP who already has active mxroute services to have end to end GDPR given the productive conversation which is fair enough.

    If it's a business requirement, then yes, I understand. (This wasn't completely clear from the OP's opening post, but perhaps the user name "nqservices" is suggestive. But I also said that I didn't mean to address the OP in particular.)

  • M66B Veteran

    @Zerpy said:
    GDPR is a big thing, various governments have already made statements they won't go out on May 25th to fine everyone that doesn't comply, but rather work together with companies (small and big) to improve on things that can be improved, and maybe be left with "warning" or lifted finger.

    They do know very well, that working together with people is a lot better than fining them :-)

    Personally, I find that an insult to the companies that invested time and money to comply before the deadline.

  • angstrom Moderator

    @nqservices said: Any other advice?

    To be constructive, :-) maybe Amazon SES? Presumably, they will comply.

    Thanked by 1 FHR
  • angstrom Moderator

    @jarland said: Judging by how many people here speak up about seedboxes for "Linux ISOs"

    Hey, nothing illegal about Linux ISOs!

    Thanked by 1 jar
  • Zerpy Member

    @M66B said:
    Personally, I find that an insult to the companies that invested time and money to comply before the deadline.

    So, if you unintentionally forgot something, you want to get fined right away?

    There will always be people that blindly ignore laws, and take the risk - if these slip through with a warning.. then sure - ain't really optimal, but on the other hand, there might be companies that invested time and money to comply before the deadline, but managed to misunderstand or forget a minor thing - would you want these to get fined right away or get a warning and say: "We can see you're generally covering the law, however you forgot a minor thing. Please correct this".

    If you're driving on the highway and wanna do a lane change - if you forget to signal, then you want to get a fine directly, or a friendly reminder that you should signal in the future?

    You'd be breaking the law in many countries by not signaling a lane change - question is, how hard you should be punished for your mistake (either being intentional or unintentional).

    It has to be handled on a case by case basis - if a company 100% blindly ignores GDPR and doesn't care at all, despite they're required to comply - then sure, fine them due to their ignorance - but if someone actually tried to comply, but forgot a minor thing - then lift a finger, fix it and move on.

  • angstrom Moderator
    edited April 2018

    @jarland said: Aye, this is why I wanted to focus on stating that I won't be for those asking (mxroute.io will).

    Just wondering, since mxroute.com and mxroute.io are already bedmates, and given that mxroute.io will conform to the GDPR, would it be so completely unrealistic to have a branch of mxroute.io deal with email hosting (using the infrastructure of mxroute.com) conforming to the GDPR, for those who want/need the GDPR? Or would this be way too complex and messy to implement? (Obviously, not for the end of May, but with time?)

  • M66B Veteran

    @Zerpy said:
    It has to be handled on a case by case basis - if a company 100% blindly ignores GDPR and doesn't care at all, despite they're required to comply - then sure, fine them due to their ignorance - but if someone actually tried to comply, but forgot a minor thing - then lift a finger, fix it and move on.

    Handling case by case would be fine with me, but that is not what will happen as I have understood because companies which did nothing will just be given extra time. I find that stupid because everyone has had two years to comply already.

  • Zerpy Member

    @M66B said:
    Handling case by case would be fine with me, but that is not what will happen as I have understood because companies which did nothing will just be given extra time. I find that stupid because everyone has had two years to comply already.

    Majority of people tend to only do things just before the due date, I don't think that's a new "thing".

    It's up to the local governments how they handle things - It would be disappointing if companies that did nothing at all, wouldn't get fined, at least people by May 25th should have put some effort into it.

    Personally, in my case, I found the whole thing a nice experience (even though it took time), because it actually allowed me to reconsider certain parts of my infrastructure to be more secure or limit the scope of data collection that I really didn't need.

    I've even saved money by implementing changes