[Fri, 11 May 2018] - What is the GDPR and what is our path to GDPR compliance? (updated)
We manage so many of our daily activities online that the web has inevitably turned into a giant pool of personal data, which is exposed to a variety of risks, as was the recent case with Facebook.
Europe’s General Data Protection Regulation (GDPR), which goes live on May 25th, is aimed at addressing all security risks by enforcing a strict data protection regulation across the EU and beyond.
What is the GDPR all about?
The GDPR regulation is the most impactful piece of data privacy legislation in the new century.
Coming on the heels of the recent Facebook scandal, which revealed that the data of millions of Facebook users had been misused for the sake of third-party campaigns, the GDPR regulation is designed to regain order in how personal data is handled and stored online.
Despite being an EU regulation, the GDPR practically affects any company that processes the personal information of EU citizens.
That said, it applies to whether or not that company is based in the EU.
Personal data and individual rights
Approved on April 14, 2016, the new set of rules treats personal data protection as “a fundamental right” of all EU citizens and consumers.
Regarding online services, personal data could include anything from an individual’s name to a physical location or an IP address.
In an effort to give consumers a bit of power in the so-called “big data” world, the new regulation also gives individuals more rights to their information.
All individuals will have the explicit right to know whether, where and for what purpose their personal data is being processed.
The GDPR empowers individuals to have their personal data erased or not processed further.
They can also object to having their data processed for direct marketing purposes and choose to transfer it away to another provider.
Data protection responsibilities under the GDPR
The GDPR sets out the rights of EU individuals and the respective obligations of data processing companies and organizations in a total of 99 articles.
The main business takeaway is that each company will have to justify the collection of personal data and to follow very strict rules in the process.
The GDPR requires companies to revise and update their privacy policies and to make them clearer and more transparent to EU users.
They will need to clearly specify what personal information is collected, for what purposes it is used and what legal basis each purpose is backed up by.
Apart from justifying their data processing activities, however, companies will also need to take specific technical and organizational measures to ensure the highest level of in-house data protection.
Planned GDPR compliance measures on our platform
As a service provider operating on the European market, we are GDPR-bound by default.
Here is a list of the measures that will come into effect this month in order to ensure GDPR compliance across our platform.
- WHOIS updates
The current public WHOIS system, which is aimed at providing free access to a domain owner’s personal information, is incompatible with the GDPR’s principles.
For that reason, we’ve taken steps to hide the personal details for all .COM and .NET domain names from the public WHOIS database.
You’ll be able to opt-in to having your Registrant data disclosed online from your Control Panel.
The option will be available in the Registered Domains section soon. It will be added as an extra tick-box option (‘’WHOIS data disclosure consent’’) in the Edit Whois area, which you can access with a click from the table of registered domains.
Until this option becomes available online, you can ask for your registrant details to be disclosed online by opening a ticket.
- In-house technical and organizational measures
As mentioned earlier, the GDPR will enforce a set of data protection policies on companies and organizations to comply with.
They all require a substantial investment of resources in technical and organizational data protection measures for ensuring the utmost GDPR compliance level.
We’ve done our best to follow an efficient action plan that can help us implement all the newly required measures right on time.
Among them is the very method in which we communicate with the data centers that we are partnering with to ensure that they provide the necessary data protection levels.