GDPR - General Data Protection Regulation. GDPR compliance symbol. Vector illustration

Some Changes for GDPR Compliance

GDPR comes into force this Friday, so it’s time for us to give another small update on what we’ve been doing.

TLDR version? All our policies can be found here.

We’ve always tried to be transparent about what we do and why we do it, so, in many respects, GDPR doesn’t really change that, but it does encourage us to do things better.

With that in mind we’ve broken out several of our existing policies into separate documents and updated, clarified and rewritten several of them. You’ll find them all here.

I provided an overview of what we were doing about GDPR a couple of weeks back. As always if anyone has any queries about it just let us know.

Earlier this week we pushed out an update to our public whois server, as we previously announced. You’ll notice that email addresses in whois have been replaced with a link to a contact form. So if you do a lookup on mneylon.com (one of my personal domains) you’ll be able to contact me via the form. I might reply, I might not. Just like today when you email me or call me on the phone. I’m under no obligation to reply to reply to you.

ICANN has finally published an “Temporary Specification for gTLD Registration Data” which outlines what they view our obligations under GDPR and our contract with them should be. We intend to make changes to our systems and processes in order to be compliant, however the short timeframe means that there will be some gaps initially.

We will also be changing our data escrow agent to one based within the European Union, though we don’t have an exact timeline on that change yet.

The changes to public whois won’t impact most of our clients, though it will have an impact on how certain types of transactions are handled. So domain name transfers, for example, will be changing. Whereas previously the gaining AND losing registrar would have sent confirmation emails to the registrant, that will no longer be possible. Instead the process will be closer to how many country codes currently work, with the EPP code being the key to to move domains between registrars. You’ll need to make sure that your contact details are up to date or there will be issues and headaches.

As I mentioned recently several of the ccTLD domain name registries, including Nominet and IEDR, have changed their whois output as well as some of their other policies and processes. What that means in practical terms is that while the “registrar of record” will have access to all of the domain name registration data a 3rd party will have reduced visibility. The exact impact of some of these changes is hard to see at the moment, but it does mean that keeping your contact details up to date with us will be more important than before. If the contact details on your account or your domain names is “stale” it’ll be harder for our staff to validate that you have access to domains, accounts or services. This will be of particular importance to IT service companies, web developers and other professionals who manage multiple domains and accounts for their clients.

We aren’t going to be sending our clients or contacts requests to “opt-in” to emails and other communications, as there’s no need. Anyone who gets our newsletter or updates chose to. If you are an existing client we are entitled to send you emails about billing, service updates and other matters that impact our business relationship. We will be sending an email to all clients with “active” accounts with a summary of the various policy updates we’ve made, but this will be purely informative.

, , , ,

Trackbacks/Pingbacks

  1. Keeping More Data in the European Union - July 18, 2018

    […] I mentioned in a recent blog post, we planned on switching to an EU based escrow provider as soon as we could. I’m happy to say […]