[WPMU DEV Dashboard] GDPR and Cyber Securities Compliance

Hi there,

Our company is in the process of making sure our servers, 3rd party providers and client websites hosted with us are GDPR compliant. We are also looking at a few solutions to tackle some aspects of our hosting like snapshots etc. What I would like to know is what steps is WPMUDEV going to take to meet the requirements of GDPR and what changes will be made to certain products offered by WPMUDEV in terms of plugins and how they interact with your servers. My biggest concern is how Snapshots are taken and what processes occur between a client website taking a snapshot, and what information is sent to WPMU during and after a snapshot is taken. As it stands right now, none of WPMUDEV’s full feature plugins like Snapshot and Defender can function properly without the dashboard being connected to WPMU’s servers. We as a development and hosting company obviously have our own snapshot software, server side; but something like Snapshot by WPMU for wordpress makes the entire process very lightweight and if we were to use it going forward, we would need to be assured that if a snapshot destination was set to S3 or equivelant, that no data whatsoever is transferred to WPMU servers. And if data is sent and stored on WMPU servers, what protections and compliance will WPMU be taking to ensure that data is secure, encrypted and safe. The fact that WPMU dashboard is constantly “live” streaming data to the WPMU account hub, this creates a security level we as a company have no control over to secure.

As our company is based in the EU, we have no choice but to be 100% GDPR compliant, and with the clients we deal with, we are also required to be Cyber Essentials compliant and need assurances that WPMU are planning on taking steps to accommodate business like ours going forward.

Would it possible to get a fully fledged outline of the back and forth communications WPMU servers have with a connected dashboard site, and what steps can we a business take to secure these connections and make sure that no data could be leaked at any stage of either a secure snapshot being taken. We also understand that something like the Smush plugin transfers those assets to WPMU servers too. Is this absolutely essential or will there be an update to turn this off in the future. Basically the less data we allow a 3rd party to handle, the easier it is to remain 100% compliant. We just want to know what WPMU are planning on bringing to the table for businesses like ours?