How Will GDPR Affect Your Domain Name?
GDPR will likely affect access to WHOIS data
Many of us are not familiar with the term GDPR (General Data Protection Regulation). GDPR is a European regulation that aims to strengthen protection for the use and storage of a person’s data. Even before its introduction last month, numerous questions were raised about its impact on users. The main impact of GDPR on domain names will be on those who have publicly listed their registration details on WHOIS. By regulating the use and availability of the personal information collected by domain name registrars, GDPR will likely affect access to WHOIS data, at least in the short term.
To avoid major hiccups following its implementation, the Internet Corporation for Assigned Names and Numbers (ICANN) has developed a model to help ensure compliance. This would likely involve a tiered access system in which personal information is unavailable to the public. However, certain third parties, for example enforcement agencies with the proper authorisation, will be allowed access to full WHOIS. We should also note that thick registries could still grant registrars access to contact data, provided these registries still maintained this data after GDPR was introduced. For most, the biggest challenge would be in relation to thin registries, which include .com and .net. A simple solution to this would be for registrars to maintain whitelisted IP addresses for other registrars that will give them access to WHOIS records.
A short-term solution to this problem is for the new registrar to initiate a transfer based on receiving the EPP/auth code from the registrant. Once this is done, the old registrar could send an email to the registrant. If they don’t approve the transfer, the losing registrar could deny the transfer.
The organisations most active in fighting cybercrime and protecting Internet users, such as law enforcement, security researchers, anti-virus (AV) vendors and Computer Emergency Response Teams (CERTs), rely on publicly available WHOIS information in the public interest. They will lose access to the public WHOIS, and with that some of their ability to detect and prevent fraud and Internet crime. A highly likely result is that criminals could more easily hide and operate malicious software, phishing and fraud with more success. This is bad for the security and privacy of most Internet users, as they are likely to receive more phishing emails and lose confidential data via social engineering attacks, while some may have their personal files stolen by malicious software. So, one can conclude that the loss of Internet security through WHOIS privacy will most likely result in more privacy violations.
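The tiered access model and registrar IP whitelist described earlier can be sketched as follows. This is an added example, not ICANN's or any registrar's code; the field names, the redaction text, the allowlisted networks and the sample record are all assumptions constructed for illustration.

```python
import ipaddress

# Constructed sample record; every value is a placeholder, not real WHOIS data.
SAMPLE_RECORD = {
    "domain": "example.com",
    "registrar": "Example Registrar, Inc.",
    "created": "2010-01-01",
    "name_servers": ["ns1.example.net", "ns2.example.net"],
    "registrant_name": "Jane Doe",
    "registrant_email": "jane@example.org",
    "registrant_phone": "+1.5555550100",
}

# Fields treated as personal data in this sketch (an assumption, not ICANN's list).
PERSONAL_FIELDS = {"registrant_name", "registrant_email", "registrant_phone"}
REDACTED = "REDACTED FOR PRIVACY"

# Hypothetical allowlist of peer-registrar networks (documentation ranges only).
REGISTRAR_ALLOWLIST = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("2001:db8:100::/48"),
]


def access_tier(client_ip):
    """Return "full" for allowlisted registrar addresses, otherwise "public"."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return "public"  # unparseable input never gets elevated access
    # Normalise IPv4-mapped IPv6 (::ffff:a.b.c.d) so it matches the IPv4 entries.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        addr = mapped
    if any(addr in net for net in REGISTRAR_ALLOWLIST):
        return "full"
    return "public"


def whois_response(record, client_ip):
    """Build the record a given client is allowed to see."""
    if access_tier(client_ip) == "full":
        return dict(record)
    # Public tier: keep technical fields, mask personal ones.
    return {k: (REDACTED if k in PERSONAL_FIELDS else v) for k, v in record.items()}
```

A source address only identifies the network a query came from, so a production service would pair an allowlist like this with authenticated access and logging of every full-record lookup.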
The registrant’s contact details are displayed, as required by ICANN policy.
The registrant’s contact details are concealed, but the registrant can still be contacted via the @contactprivacy.com email provided.
Because a legitimate email address cannot be displayed, there is no way for third parties to contact the domain owner.
Once again, the registrant’s information is concealed, but the registrant can still be contacted via the @contactprivacy.com email provided.
Need for Data Protection Officers
Large companies that are involved in large-scale, systematic monitoring of people could look into employing data protection officers (DPOs). This does not necessarily have to be an expensive affair, and the role could be staffed either by employees or by contracted talent. Normally, as in the European Union, the DPO’s role has always been assumed by an attorney. This attorney would be one who has expertise in these other areas as well as project and program management, such as risk assessment and compliance monitoring skills. This is to ensure he or she will be able to understand the broad impact GDPR has on technology and business processes. However, while one may worry about how this new regulatory need may affect how we do business and put us at risk of certain fines, we must also understand the numerous positive aspects of the introduction of GDPR.
Long Term Benefits
The main reason GDPR was introduced in the first place was to protect us from easily falling victim to cybercrimes. These have in recent times become increasingly common across all countries, not just in the EU. Many may ask why they have to follow these regulations, but we must understand the purpose for which they were introduced. Data privacy is a serious matter and comes with a heavy responsibility, regardless of which country we are in. So while many have been grousing about GDPR and how it affects our business operations, we must remember the positive aspects. For one, GDPR greatly impacts the level of confidence our customers have, and it would also enhance their ease of doing business with us. Overall, all these benefits go a long way in securing their loyalty and future business.