Hey guys, not sure if this topic has been discussed already; at least I couldn't find an accurate one.
To sum it up: I have a small WP agency in Switzerland, and the main problem we are facing at this time is data privacy. My team and I work mostly remotely, and we do maintenance, support and development. For the last one it is actually not a big deal, since we do not handle any data of the client’s clients. But as soon as we have support or maintenance, we start to face that problem, and it has gotten so far that I’m considering cancelling those two services.
The goal would be to limit the data we handle to a minimum, or to not deal with it at all (but that is mostly impossible, as far as I know).
The main issues I face here are these two: working remotely (home office) and sub processors.
We need sub processors for maintenance, backup hosting and other tasks like page optimization. I mostly have a solution or a DPA (Data Processing Agreement) with the subs. Here is how we work:
Maintenance: MainWP on our own server, we do keep the extensions to a limit
Backup/Hosting: SiteGround so far, but might change (they do offer a DPA, though, that is valid for the new data law in Switzerland)
But the issue I’m really having problems with is working remotely / working from home. For this, I was looking into NordLayer to create a secure VPN connection, but I'm not sure if this is the solution.
I don’t want to mess with data privacy; here in Switzerland it’s a pain for small businesses (it's similar to GDPR, but not exactly the same, and the fines can be hefty for a private responsible person).
That’s why I’m trying to handle data of client’s clients as little as possible, or even trying to find a solution where we do not have access to it at all and not make a DPA with every maintenance and support client, but it seems impossible.
Maybe someone is facing a similar problem. It would be interesting to hear what you do to face these problems.