Liquid Web’s GDPR Compliance: Your Questions Answered!

May 22, 2018 Liquid Web

Liquid Web is taking GDPR compliance seriously. Have questions about the upcoming GDPR changes and how Liquid Web is ensuring compliance?

We’re here to help!

The General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR EU 2016/679), which replaces the European Union (EU) Data Protection Directive (known as Directive 95/46/EC), is a European privacy law.

The aim of the GDPR is to strengthen data privacy and protection for individuals within the EU, both citizen and non-citizen, as well as the transfer of EU personal data outside of the EU.

It becomes enforceable on May 25, 2018.

Q: Is Liquid Web GDPR compliant?

A: Yes! See the answers below for answers to your questions about Liquid Web and GDPR compliance.

Q: To whom does the GDPR apply?

A: The GDPR applies to any organization that processes and holds personal data of EU data subjects, regardless of whether or not the organization is a member of the 28 EU member states. The GDPR also applies to both citizens of the 28 EU member states, as well as any individuals transmitting data outside of the EU while traveling within the EU member states.

Q: What countries make up the 28 EU member states?

A: Here is a list of all 28 EU member states:






Czech Republic























United King

Q: As an EU Customer, am I able to host my data outside of the EU under the GDPR?

A: Yes, you may continue to host data outside of the EU as long as your hosting provider demonstrates GDPR compliance.  Liquid Web is Privacy Shield certified to help ensure the proper level of protection for all data that passes through our system.

Q: How does Liquid Web address international transfers of data?

A: Liquid Web complies with EU data protection laws regarding the international transfer of data.  

Specifically, Liquid Web self-certifies under the EU-US Privacy Shield and the Swiss-US Privacy Shield, which address the transfer of data from the EU and Switzerland to the US.  Liquid Web also offers the EU Standard Contractual Clauses to meet the data security requirements for its EU customers.

Q: How does the GDPR affect my contract with Liquid Web?

A: If you determine that the GDPR applies to your company and you are a Liquid Web customer, Liquid Web offers a Data Processing Addendum (DPA) that outlines Liquid Web’s commitment to compliance with the GDPR as the customer’s processor.  

You can download a copy of the DPA via the Liquid Web customer portal which has been pre-signed by Liquid Web. You may also need the list of sub-processors, available on our website.

Q: Is Liquid Web a Controller or Processor?

A: Under the GDPR, a “controller” determines the purpose of the personal data processing while a “processor” processes the personal data on behalf of the controller. Under our customer agreements, Liquid Web is a “processor” and the customer is a “controller.” Liquid Web processes the Customer Data according to a customer’s instructions.

There may also be times when Liquid Web is a “controller.”  For example, Liquid Web acts as a controller when it collects customer data such as account information, registration, or customer contact information to establish a new customer, or to provide customer support.

Q: Does Liquid Web have Sub-processors?

A: Yes. A list of Liquid Web’s Sub-processors is available on our website here.

Q: If I use Liquid Web’s hosting environment, do I have to comply with data protection laws?

A:  When using Liquid Web’s services, the customer maintains ownership of the Customer Data and controls how such data is accessed and controlled.  Liquid Web has no knowledge of the types of data that a customer stores in our hosting environment. Therefore, all customers are responsible for ensuring compliance with applicable laws and regulations to protect such information.  

Q: I am an eCommerce retail business hosting with Liquid Web. What should I know about the GDPR?

A: Please see our published article with respect to the GDPR and eCommerce retailers.

Q: Does my customer information have to be encrypted? For example, do I have to encrypt stored emails?

A: The GDPR requires that the “processor” maintain appropriate technical and organizational measures for protection of the security, confidentiality and integrity of personal data.

Q: Will the GDPR laws apply when the United Kingdom leaves the EU?

A: Yes. The U.K has passed the new General Data Protection Act, effective May 2018, to comply with the GDPR so that the United Kingdom may continue to do business with Europe.

Still Have Questions about GDPR Compliance?

Still have a question about the GDPR and Liquid Web’s Services?

Please send all questions about the GDPR to

The post Liquid Web’s GDPR Compliance: Your Questions Answered! appeared first on Liquid Web.


About the Author

Liquid Web

Liquid Web powers online content, commerce, and potential for SMB entrepreneurs and the designers, developers and digital agencies who create for them. Sign up for our newsletter to stay up to date with our latest content.

More Content by Liquid Web
Previous Article
Liquid Web Announces Protection and Remediation Services for their Managed Hosting Solutions
Liquid Web Announces Protection and Remediation Services for their Managed Hosting Solutions

LANSING, Mich., August 9th, 2018 — Liquid Web, LLC, (, the market leader in manag...

Next Article
What is HIPAA Compliant Hosting and Why Does It Matter?
What is HIPAA Compliant Hosting and Why Does It Matter?

Healthcare In 2018 Healthcare users expect to be able to access a wide variety of healthcare information on...

HIPAA Can Be Confusing - We Have Answers