Data subjects of GDPR regarding Plesk are:

• Plesk administrators, who provide their personal data (e-mail) to receive Plesk licenses or newsletters. We store this personal data in the Key Administrator and Partner Central services. Plesk Administrators are subjects to GDPR relations with Plesk International GmbH since we can store their personal data due to legitimate business reasons.
• Plesk users, whose accounts are created on Plesk servers. Plesk users are subjects to GDPR relations with Plesk administrators.
• Site visitors, who visit websites hosted on Plesk servers. Site visitors are subjects to GDPR relations with Plesk administrators.

The table below shows how different Plesk versions handle GDPR aspects.

The following updates are required to have the GDPR related fixes installed on your server(s):

• Plesk Onyx 12.0.18 Update 103 (Linux)
• Plesk Onyx 12.0.18 Update 103 (Windows)
• Plesk Onyx 12.5.30 Update 76
• Plesk Onyx 17.0.17 Update 51
• Plesk Onyx 17.5.3 Update 48
• Plesk Onyx 17.8.11 Update 8

GDPR compliance Aspect	11.x and older (unsupported versions)	Plesk 12.0,12.5 (unsupported versions) Plesk Onyx 17.0	Plesk Onyx 17.5, 17.8	Plesk Obsidian
Storing the Plesk administrator's personal data	These Plesk versions are not GDPR compliant because they send personal data of the Plesk administrator to the Key Administrator and the Partner Central services.  *	Plesk explicitly requests consent or a contract agreement from the Plesk administrator before sending their personal data to the Key Administrator and the Partner Central services.  *	Plesk explicitly requests consent or a contract agreement from the Plesk administrator before sending their personal data to the Key Administrator and the Partner Central services.
Storing the Plesk administrator aliases and non-admin Plesk users' personal data	Personal data of Plesk administrator aliases and non-admin Plesk users is not sent anywhere regardless of the Plesk version.
Storing the visitor IP addresses for websites hosted on Plesk	Plesk does not anonymize IP addresses in logs. You can rotate the logs via log rotation.  *  Note: this data is not sent anywhere.		Plesk anonymizes IP addresses in logs. You can rotate the logs via log rotation.  **  Note: this data is not sent anywhere.

* Since Plesk versions 11.x, 12.x, and earlier are no longer officially supported, they may not be in full compliance with the current privacy regulations. We strongly recommend updating to the latest Plesk version. Plesk takes no responsibility for breaches of any laws caused by using non-supported versions of Plesk.
Note: personal data sent by Plesk versions 11.x and older is not stored in the Key Administrator and the Partner Central services any more.

** GDPR does not specify exactly how long IP addresses can be stored. When IP addresses are anonymized, each address is kept in its original form for 24 hours. As for log rotation policies, Plesk users have the ability to configure them as they see fit.

Clients IP addresses are logged by the following services:

• Nginx, Apache, ProFTPD, Mail
• AWStats, Webalizer

Below you can find recommendations for solving the issue on your servers, including the instructions for turning IP addresses logging off for Nginx and Apache servers.

Aspect	Plesk versions applicability	Solution	Side effects
Enable IP addresses anonymizing	Plesk Onyx 17.5-17.8 Plesk Obsidian	Panel UI and CLI instruction	There should be no side effects. Fail2ban should continue working since File2ban processes log files before they are anonymized.
Disable web statistics tools (AWStats, Webalizer)	Plesk 12.0-12.5 Plesk Onyx 17.0-17.8 Plesk Obsidian	Instruction of how to disable	Users will not be able to use the web statistics tool in Plesk.
Force log files Rotation	Plesk 12.0-12.5 Plesk Onyx 17.0-17.8 Plesk Obsidian	Instruction with a script which enforces daily rotation policy for logs files	The "Logs rotation management" permission will be automatically removed from all service plans and subscriptions. Daily log rotation will be enforced for all existing domains. Since Plesk clients and resellers will be still able to change log rotation settings, we recommend adding the script to crontab.
Disable IP addresses logging	Plesk 12.0-12.5 Plesk Onyx 17.0-17.8 Plesk Obsidian	Instruction how to disable IP address logging	The following services will not work: Fail2ban web sites protection will NOT work AWStats and Webalizer web statistics will continue to work, but will lose aggregations statistics based on IPs