Per Wikipedia, "The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU." When does GDPR go into effect? GDPR enforcement begins May 25, 2018.
We are impacted since we are a business offering services to customers in the EU which involves the collection and distribution of personal data. Every registrar in the world with customers in the EU is impacted as well. The main cause of registrar impact is the fact that registrars are required to pass contact data for all WHOIS roles associated with a domain (Registrant, Administrative, Billing and Technical in most cases). This information is then made available via public WHOIS lookup services.
We have provided a "Domains Impacted by GDPR" page located at https://dashboard.reg-names.com/domains which has more details and a lit of any impacted domains in your account. Do I need to do anything if my domains use WHOIS privacy? In short, no. Only domain contacts which designate a country in the EU and are not using WHOIS privacy are impacted. Please note that you cannot remove privacy for domains if any of the WHOIS roles are in the EU and have not opted-in to our data handling/storage policies. If I do not use WHOIS privacy or have registered TLD(s) that do not permit privacy what do I do? Please read the sections below. In short, we will provide a method to opt-in to our data handling/sharing policies. Once a contact profile has opted-in, they can continue being used with existing domains or applied to new domains.
On May 25, we will take the following actions for domains that use one or more WHOIS contacts in the EU and do not have WHOIS Privacy applied: We will automatically add WHOIS privacy to the domain. Please note: If the TLD does not permit privacy (currently just .in, .us, .tickets), we will still apply privacy to the domain. Please note this means that any such domains would be in violation of that registry’s policies and they may take action against any subject domains. It is therefore critical that you remove privacy as soon as possible which can be done once all WHOIS contact roles are either not in the EU, or, if located in the EU, that all roles have opted-in to our data handling/sharing policies.
We will take a number of steps on or before May 25, 2018 to ensure compliance with GDPR, including, but not limited to: We will provide a method for contacts to opt-in to our data handling/sharing policies We will disallow registration/transfer of domains associated with any WHOIS contacts in the EU that either (a) do not use WHOIS privacy, or (b) do not opt-in to our data usage/disclosure policies. We will disallow registration of TLDs that do not permit WHOIS privacy (currently .in, .us and .tickets) unless those WHOIS contact(s) have opted-in to our data handling/sharing policies. We will disallow changes to contact profiles which have opted into our data handling/sharing policies.