You have probably seen a lot of emails and articles over the past weeks and months about GDPR. GDPR is short for the General Data Protection Regulation. This regulation goes into effect on the 25th May 2018. It was passed by European lawmakers to create a standardized data privacy law across all the EU member states. In short, it is designed to:
- support privacy as a fundamental human right;
- require companies that handle personal data to be accountable for managing that data appropriately;
- give individuals rights over how their personal data is processed or otherwise used.
GDPR is all about protecting your personal data and giving you full control over who you give it to, who is allowed to keep it and who is allowed to share it. Personal data is any information relating to an identified or identifiable natural person.
In addition to the obvious types of data you may share, including name, address, email address, financial information, contact information, identification numbers, etc., personal data can also include data related to your digital life, like an IP address, geolocation, browsing history, cookies, or other digital identifiers.
Therefore, if information can be traced back to or related in some way to an identifiable person, it is highly likely to be considered “personal data” under the GDPR.
So, what does this mean for me?
You have several rights you may exercise under the new regulations, including:
- Right of access: Individuals can ask for a copy of the personal data retained about them and an explanation of how it is being used.
- Right to rectification: Individuals have the right to correct, revise or remove any of the personal data retained about them at any time.
- Right to be forgotten: Individuals can ask to delete their personal data.
- Right to restrict processing: If an individual believes, for example, that their personal data is inaccurate or collected unlawfully, the individual may request limited use of their personal data.
- Right of portability: Individuals have the right to receive their personal data in a structured, commonly used and machine-readable format.
- Right to object: Where an individual decides that they no longer wish to allow their personal data to be included in analytics or to receive direct marketing emails or other personalized (targeted) marketing content at any time, the individual may opt out of use of their data for these purposes.
Please note that exceptions may apply in some cases.
What is Alpha Internet Limited doing about this?
Hang on, but what about WHOIS?
By default, we will no longer disclose personal data to the domain registry or third-party providers, if that registry will be displaying your data in the WHOIS. This means that even if you do not select WHOIS privacy, your personal data will not be visible in the WHOIS. We will also not disclose your personal data in our Public WHOIS, for the .com, .net and several other TLDs we maintain the Public WHOIS database.
You will need to ‘opt in’ if you want your personal data to be displayed in the WHOIS. We are still working through the mechanisms of how this will be made available to you, but as the regulations are very strict it is likely that you will need to opt in on a contact by contact basis. The following data is considered not to be personal for the purposes of GDPR, all other data is personal:
- Organization, Street, City, State/Province, Postal Code, and Country in the case of organizations (if the “organization” field is filled out and no first, middle, last name is given)
- Country and State/Province in the case of private persons (P-handles, if no organization is given)
We will forward all emails sent to the “hidden” address to your specified email, like how our WHOIS privacy currently works. Some Registries may insist on the disclosure of your personal data, in these instances we will notify you in advance of registration and you will have the option to give your approval of this disclosure.
The WHOIS Privacy Service offered through WHOIS Privacy Corp. will continue to be fully available after GDPR has become effective, although in nearly all cases WHOIS data will be private in any case.
The process for transferring domains may change, however we don’t yet know how.
So that’s pretty much it.
While compliance with the GDPR is challenging for all involved parties, it will ultimately help to protect confidential data of Internet users from abuse and misuse both by restricting processing and by improving security. Alpha Internet Limited will be fully compliant with the new regulations and is pleased that our partners and industry colleagues will soon match the outstanding data privacy measures that our customers already enjoy.
If you have any questions regarding this subject, or anything else, please contact us at firstname.lastname@example.org