What Is the General Data Protection Regulation (GDPR)?

The General Data Protection Regulation (GDPR) is a data privacy law passed by the European Union (EU) and enforced since May 25, 2018. Its goal is to protect personal data and privacy for all individuals within the EU. The GDPR gives EU residents greater control over how their personal data is collected, used, and stored.

It applies to any organization, regardless of its location, that processes personal data of EU residents.

---

• What Counts as Personal Data Under the GDPR?
• Does the GDPR Affect You?
• What Rights Do EU Residents Have Under the GDPR?
• What Is Bluehost Doing to Comply With the GDPR?
• What You Need to Do to Stay GDPR Compliant
• Summary

---

What Counts as Personal Data Under the GDPR?

Under the GDPR, personal data is defined as any information that can identify a natural person, directly or indirectly. This includes:

• Full names
• Email addresses
• IP addresses
• Location data
• Identification numbers
• Cookie IDs or RFID tags
• Data related to physical, physiological, genetic, mental, economic, or social identity

Essentially, any data that can be linked back to an individual is protected by the GDPR.

Does the GDPR Affect You?

If you run a business or website that collects or handles the personal data of EU-based individuals, then yes—GDPR compliance is required. Whether you’re processing emails, collecting names for newsletters, or running an eCommerce store, you must meet GDPR standards.

Even if your business is not based in the EU, you must still comply if you offer services to EU residents or monitor their behavior online.

What Rights Do EU Residents Have Under the GDPR?

The GDPR grants the following data protection rights to all EU residents:

• Right of Access – Know what personal data is being processed and why.
• Right to Rectification – Correct inaccurate or incomplete data.
• Right to Be Forgotten – Request permanent deletion of personal data.
• Right to Restrict Processing – Limit how your data is used.
• Right to Data Portability – Move your data to another provider.
• Right to Object – Opt out of marketing or analytics processing.

Bluehost provides tools and support to help you exercise these rights or assist your customers.

What Is Bluehost Doing to Comply With the GDPR?

Bluehost has been fully GDPR compliant since May 25, 2018. Our compliance measures include:

• Updated Privacy Policy and Terms of Service
• Enhanced data handling and processing procedures
• Tools to manage, export, or delete customer data
• Restricted publishing of EU registrant data in WHOIS
• Appointing a Data Protection Officer (DPO)

We regularly review our internal practices to align with any GDPR updates.

What You Need to Do to Stay GDPR Compliant

Whether you're a Bluehost customer or a business owner with EU clients, GDPR compliance is a shared responsibility.

• As a Customer (EU Resident)
• As a Business Owner

As a Customer (EU Resident)

GDPR protects you, and Bluehost handles your data with care. We restrict WHOIS access for EU-based registrants and honor data requests where legally appropriate.

As a Business Owner

If you collect personal data from EU individuals (e.g., emails, order information, or contact forms), you act as a data controller under GDPR. This means you must:

• Obtain explicit consent for data collection
• Ensure lawful processing and secure storage
• Be transparent about how you use the data
• Respond to data subject requests promptly

Review our Privacy Center and consult legal counsel for best practices.

If you or your customers have further questions about GDPR compliance, feel free to reach out:

Data Protection Officer

• Email: [email protected]
• Website: www.newfold.com

Summary

Staying compliant with the General Data Protection Regulation is a legal obligation and a way to build trust with your users. By understanding your responsibilities under GDPR and knowing your rights, you can confidently manage data privacy whether you're an individual or a business owner. Bluehost is committed to helping you comply with GDPR standards every step of the way.