Self-hosting and privacy laws

General Data Protection Regulation (GDPR) is the EU data protection law and apply to personal data about individuals such as name and email address. And for businesses this means that it is important to keep track of what, where and how the data is stored and to ensure it is safe. On the where part it seems that it needs to be kept within EU which makes it a problem to use many of the popular north american SaaS solutions even if there is a US company safe list it is not competely clear if it is complying with the regulations.

More information about GDPR

Other privacy laws from around the world

  • CCPA & CPRA (California)
  • VCDPA (Virginia)
  • CPA (Colorado)
  • CTDPA (Connecticut)
  • UCPA (Utah)
  • LGPD (Brazil)
  • PIPEDA (Canada)
  • APPI ( Japan)
  • PDPA (Thailand)
  • FADP (Switzerland)

How the law so far been implemented

It is hard to know to which degree the laws are implemented and as a European company (or simply doing business that involved european citizens), adhering to GDPR is not optional and the risk of getting penalties must be evaluated for each company. For example, Swedish companies CDON and Tele2 were fined for not adhering to GDPR rules by using Google Analytics incorrectly. Other companies in the EU have had similar fines; thus, knowing which statistics tools are used and how they are implemented is essential. 

According to the EU Commission webpage, not all SMEs (Small and Medium Enterprises) need to adhere to all obligations of GDPR laws; those under 250 employees are exempt from keeping records of the processing activities:

 

“For instance, companies with fewer than 250 employees don’t need to keep records of their processing activities unless processing of personal data is a regular activity, poses a threat to individuals’ rights and freedoms, or concerns sensitive data or criminal records.”

Source: European Commission

Self-hosting as a solution

A self-hosted solution can offer several benefits for adhering to GDPR and similar privacy laws elsewhere. Self-hosting allows you to maintain full control over your data. You can decide where your data is stored, how it is processed, and who can access it. This level of control helps you comply with GDPR's data protection principles, such as data minimisation and purpose limitation. Self-hosting reduces reliance on third-party vendors for data processing. Keeping data within your infrastructure mitigates the risks associated with sharing personal data with external service providers. This can help comply with GDPR's requirements for data transfers and avoid these to countries outside the European Union (EU).

  1. Enhanced Security: With a self-hosted solution, you can implement robust security measures tailored to your specific needs. You can choose and configure security protocols, encryption standards, and access controls to protect personal data. This control helps meet GDPR's requirement for ensuring the security and confidentiality of personal data.

  2. Transparency and Auditability: Self-hosting enables better transparency and auditability of data processing activities. You can maintain detailed logs and records of data processing activities, including data transfers, access requests, and modifications. This transparency assists in demonstrating compliance with GDPR's accountability principle and facilitates regulatory audits.

  3. Flexibility and Customization: Self-hosted solutions provide greater flexibility and customisation options. You can design and configure your systems to align with specific GDPR requirements, such as data subject rights (e.g., right to access, rectify, erase data) and lawful basis for processing. This flexibility allows you to tailor your processes to meet unique organisational needs.

  4. Geographical Data Sovereignty: Some privacy laws, including GDPR, restrict the transfer of personal data to countries without adequate data protection laws. By self-hosting, you can ensure that personal data remains within your jurisdiction or in countries with suitable privacy frameworks, reducing the risk of non-compliance with data transfer regulations.

Installation

How to install Cradle CMS with Podman or Docker on a Linux server.

Using the system and building sites

This is a self-hosted All-in-One site builder with complete admin views for content management, site settings and collaboration.

Server setup

This software is optimized for efficient use of servers, and it is part of our design that it is cost-effective to run. With Cradle CMS you can deploy in a single-server setup or multi-server setup.

Frontend DX with Cradle CMS

With Cradle CMS, you need not be a full-stack developer to get great-performing web pages. There is no build step. Dependencies other than what you wish to include in a project are already managed in each release. 

Self-hosting and privacy laws

Self-hosting creates possibilities to control and secure your data tailored to the needs of the privacy laws you need to follow. 

Built with boring technology

We believe that boring technology can often be the most effective and efficient choice for software development leading to more focus on innovation and growth.