Domain Name Registrants: Prepare for GDPR on time, avoid headaches later

Tag Archives: GDPR

Domain Name Registrants: Prepare for GDPR on time, avoid headaches later

Here’s a little something you’ve probably heard a lot during past few weeks and months.


Brace yourselves, May 25th is coming.

The deadline to comply with the above mentioned GDPR or EU’s General Data Protection Regulation, to be precise, is quickly approaching. Domain name registrars are announcing changes and implementing them within the next few weeks. Here’s what you need to do as a domain name holder/registrant to be prepared.

Transfer your domain names

If you have domain names that you might want to transfer to a new registrar within the next couple of months, do it now. If the personal information in Whois is confined (as is likely), transferring many domains (including .com) could be a bit harder than usual.

The TechOps subcommittee of the Contracted Party House inside GNSO explained the difficulties — and possible solutions — to ICANN in a letter last month. The letter succinctly explains the problem:

Without question, domain name transfers will be significantly affected by GDPR, especially in light of ICANN’s recently proposed Interim Model for GDPR Compliance (Interim Model). The current ICANN transfer policy requires the gaining registrar to send a standardized form of authorization (FOA) to the registrant or admin email address – that party is then required to take affirmative action and the involved registrars maintain a record of response. However, because the gaining registrar does not have the record of current registrant information at the time of transfer, it will typically pull it from the public WHOIS output (at the time of the transfer request, and prior to initiating a transfer request at the registry). The Interim Model does not make available the registrant’s email address through public WHOIS – leaving the gaining registrar unable to send the FOA through the usual means.

No public Whois, no easy way to get the current registrant’s information.

We are likely to see a variety of approaches to handling transfers. The bottom line is that it might be difficult to move your domains between registrars post-GDPR, so do it now.

Add two-factor authentication and lock your domains

A lack of personal data in Whois is likely to increase domain theft and make it challenging to track down stolen domain names. Changes in how some registrars handle domain transfers could also increase the number of domain thefts. Why? — Well, because, here’s the thing about GDPR and domain name registrars/registries: if you wait for ICANN to figure out how to address GDPR, it will be too late to make the necessary changes to comply with the law. GDPR enforcement goes into effect in just 21 days.

Don’t take any chances. Make sure your security is up-to-date.

Download Whois data you need

If you use a program like Watch My Domains, now is the time to pull in the latest Whois records about your domain names. This will be very difficult later this month.

Add context to stop an influx of UDRPs

Complainants currently investigate domain name owners before filing UDRPs (cybersquatting complaints). This allows them to determine if the owner might have a legitimate interest in the domain (e.g. a guy named Andrew owns a domain with Andrew in it) and potentially determine why they acquired the domain. This will be difficult without personal information in Whois.

You can do a couple of things to prepare. First, see if your registrar will let you opt-in to having your Whois info displayed. Second, consider changing the content of your parked pages to make sure they reflect a proper use of the domain.

On that note, be sure that people can contact you through your parked page. It will become difficult for them to reach you through your Whois record.

Get a subscription to historical Whois data

While GDPR is going to hurt DomainTools and DomainIQ in the long run, they will actually become more critical to your business for a least the short term.

When you buy a domain name, you’ll want to verify who owns it. If you can’t do that through the live Whois, looking at historical Whois information is going to be legit.

Source: Domain Name Wire

AltusHost and the GDPR Compliance

Dear AltusHost clients!

25th May of 2018 will not just be the famous Towel Day, celebrating and honoring the work of dear Douglas Adams. It will also be the day when General Data Protection Regulation (GDPR) will come into it’s full and powerful force.

But either way, don’t panic.

Because, as you already know, we at AltusHost have always been committed to at-most Security and Data Privacy.

So, what is GDPR?

First thing first. Definitions.

GDPR is the European Union regulation that replaces the Data Protection Directive and is aimed at strengthening and unifying data protection for all individuals within the European Union. This regulation will bring a huge change to European data security, but it will impact many non-EU based businesses as well.

Who needs to comply?

This one is clear. Any company selling to and storing personal data or behavioral information of citizens in Europe, not just EU (personal information being: your name, email, location, photo, even bank details, updates on social networks, medical information or a computer IP address) must comply to GDPR starting May 25th.

Moreover, any company with a web presence in EU or targeting European customers (that means for example having a website available in any language of the EU, a domain with EU country code or accepting payment in EU currency) will need to meet GDPR requirements as well.

How will it be executed?

The GDPR imposes high fines on data controllers and processors for non-compliance.

The fines can go up to 20 million Euros or 4% of annual global turnover, whichever of both is the highest. However, the exact fines depend on numerous factors (how severe non-compliance and potential personal data breaches are and the measures that have been taken to be GDPR compliant).

Okay, what does GDPR actually change?

GDPR gives individuals the control over how their personal information is being collected, stored and used. Under GDPR individuals have the following rights:

1. The right to be informed – individuals will have the right to be given information about how their data is being processed and why. Individuals will also need to give consent to data processing.

2. The right to access – individuals will have the right to to obtain the confirmation as to whether or not personal data concerning them is being processed, where and for what purpose and to receive a copy of the personal data, free of charge, in an electronic format.

3. The right to be forgotten – individuals will have the right to have their personal data erased and to cease further dissemination of the data, and potentially have third parties halt processing of the data.

4. The right to object – individuals will have to right to object at any time to processing of personal data concerning them.

5. The right to data portability – individuals will have the right to receive the personal data concerning them, which they have previously provided in a ‘commonly used and machine-readable format‘ and have the right to transmit that data to another controller.

6. Breach notification – data processors will be required to notify their customers about data breach within 72 hours of first having become aware of the breach.

ICO GDPR preparation steps

AltusHost and GDPR compliance

AltusHost legal team is working hard to implement all necessary changes to ensure that we fully comply with the GDPR when it becomes enforceable.  We’ll inform all of you about all privacy policy and security changes introduced to AltusHost in regards to the GDPR in coming weeks.


Search entire Blog

Subscribe Now

10,000 successful online businessmen like to have our content directly delivered to their inbox. Subscribe to our newsletter!