GDPR Will Affect Your Domain Name Potentially Due to Accessing WHOIS Data
Many of us are not familiar with the term GDPR (General Data Protection Regulation). GDPR is a European regulation that aims to strengthen protection for the use and storage of a person’s data. Even before its introduction last month, numerous questions were raised about its impact on users. The main impact of GDPR on domain names will fall on those who have publicly listed their registration details on WHOIS. Regulating the use and availability of personal information held by domain name registrars seems to be the most practical measure. GDPR will therefore affect your domain name through access to WHOIS verification and data, at least in the short term.
To avoid major hiccups following its implementation, the Internet Corporation for Assigned Names and Numbers (ICANN) has developed a model to help ensure compliance. This would likely involve a tiered access system in which personal information is unavailable to the public. However, certain third parties, for example enforcement agencies with the proper authorisation, will be allowed access to full WHOIS.
We should also take note that thick registries could still grant registrars access to contact data, because these registries still maintained this data after GDPR was introduced. For most, the biggest challenge would be in relation to thin registries, which include .com and .net. A simple solution would be for registrars to maintain whitelisted IP addresses for other registrars, giving them access to WHOIS records.
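The tiered access model and registrar IP whitelist described above, sketched as an added example (not code from ICANN or any registrar). The field names, the allowlisted networks and the sample record are constructed assumptions, and the sketch goes slightly beyond the text by handling IPv6 and malformed addresses.

```python
import ipaddress

# Constructed allowlist: documentation-range networks standing in for other registrars.
REGISTRAR_ALLOWLIST = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("2001:db8:100::/48"),
]

# Fields treated as personal data in this sketch (assumed names, not an ICANN schema).
PERSONAL_FIELDS = {"registrant_name", "registrant_email",
                   "registrant_phone", "registrant_address"}
REDACTED = "REDACTED FOR PRIVACY"


def is_allowlisted(source_ip: str) -> bool:
    """True only if source_ip parses and falls inside an allowlisted network."""
    try:
        addr = ipaddress.ip_address(source_ip)
    except ValueError:
        return False  # fail closed on malformed input
    # Normalise IPv4-mapped IPv6 (::ffff:a.b.c.d) so it matches the IPv4 entries.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    return any(addr.version == net.version and addr in net
               for net in REGISTRAR_ALLOWLIST)


def whois_view(record: dict, source_ip: str) -> dict:
    """Full record for allowlisted peers, redacted copy for everyone else."""
    if is_allowlisted(source_ip):
        return dict(record)
    return {k: (REDACTED if k in PERSONAL_FIELDS else v)
            for k, v in record.items()}


# Constructed sample record.
SAMPLE = {
    "domain": "example.com",
    "registrar": "Example Registrar, Inc.",
    "created": "2010-01-01",
    "registrant_name": "Jane Doe",
    "registrant_email": "jane@example.com",
}
```

The `source_ip` passed in should be the peer address of the connection itself; a client-supplied header is not a trustworthy basis for this decision.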
A short-term solution to this problem is for the new registrar to initiate a transfer, based on receiving the EPP/auth code from the registrant. Once this is done, the old registrar could send an email to the registrant. If the registrant does not approve the transfer, the losing registrar could deny it.
The most active organisations involved in fighting cybercrime and protecting Internet users are law enforcement, security researchers, antivirus (AV) vendors and Computer Emergency Response Teams (CERTs). They rely on publicly available WHOIS information to act in the public interest, and they will lose access to public WHOIS. With this, they would also lose some of their ability to detect and prevent fraud and Internet crime. A highly likely result is that criminals could more easily hide and operate malicious software, phishing and fraud with more success.
Obviously, this is bad for the security and privacy of most Internet users, because they are likely to receive more phishing emails and lose confidential data via social engineering attacks. Meanwhile, some may have their personal files stolen by malicious software. So, one can conclude that the loss of Internet security through WHOIS privacy will most likely result in more privacy violations.
Need for Data Protection Officers
Large companies that engage in large-scale systematic monitoring of people could look into the possibility of employing data protection officers (DPOs). This does not necessarily have to be an expensive affair, and the role could be staffed either by employees or by contracted talent. Normally, as in the European Union, the DPO’s role has always been assumed by an attorney, one who also has expertise in other areas such as risk assessment and compliance monitoring, as well as project and program management. This is to ensure he or she will be able to understand the broad impact GDPR has on technology and business processes.
One may worry about how this new regulatory need may impact how we do business and also put us at risk of certain fines. Still, we must also understand the numerous positive aspects related to the introduction of GDPR.
Long Term Benefits
The main reason GDPR was introduced in the first place was to protect us from easily falling victim to cybercrime, which has in recent times become increasingly common across all countries and is not limited to the EU. Many may question why they must follow these regulations. However, we must understand the purpose for which they exist in the first place. Data privacy is a serious matter and comes with a heavy responsibility, regardless of which country we are in.
Many have been grousing about GDPR and how it impacts our business operations. Even so, we must remember its positive aspects. For one, GDPR greatly impacts the level of confidence our customers have. Meanwhile, it would also enhance their ease of doing business with us. Overall, these benefits go a long way in securing their loyalty and future business.