Answer ID: 9060
The GDPR helps protect privacy in the digital age. The European Union views the protection of personal data as nothing less than a fundamental human right, alongside other rights such as freedom of expression, freedom of thought, and the right to a fair trial. Although there are other existing privacy laws in effect already, the GDPR is different in its scope of applicability and because significant fines may be levied for non-compliance.
The GDPR replaces the 1995 EU Data Privacy Directive, harmonizing privacy laws across the EU. Once it comes into effect on May 25, 2018, it will be law in all EU member states.
Though it’s complex and far-reaching, at a high level, the GDPR can be understood in terms of three fundamental concepts:
1. Consent and Control
Clear, informed consent and individual control over the use of personal data are basic rights in the GDPR. Any business collecting or processing personal data must not only obtain consent to do so, but must also explain what they need the information for. What’s more, they’re only allowed to collect the minimum amount of information required to get the job done and can’t use the info for any purpose other than that to which the individual initially agreed. This puts the individual in charge of how their info is used from the very start.
The GDPR imposes requirements around how companies should address security breaches that expose sensitive personal information. In the event of a breach, anyone whose information may have been exposed must be notified as soon as possible, and that notice should include an explanation of what happened, what’s being done to fix it, and what those affected should do to protect themselves. This type of information empowers each person to respond in the way they think is best in each circumstance in order to protect their own privacy.
3. The right to be forgotten
Under these new rules, EU-local individuals have the right to revoke consent for a service provider to use their data. When this happens, the provider must essentially erase all record of the individual, giving them a fresh start. This requirement is not without consequences or limitations: some services can’t be provided without personal information, and sometimes personal information has to be kept for reasons of public interest or relating to legal claims.
We have implemented the new GDPR policy. This will affect WHOIS info. WHOIS info will no longer be publicly available.
There is additional consent needed to process certain personal information. The consent is optional, but may be needed in particular circumstances. You can offer this consent via an email we send to you.
We will request consent from the data subject when:
- We give the option of processing any piece of personal data that isn’t essential or necessary to provide the service. For example, for most domain registrations, we don’t require the registrant to provide their phone number, but by collecting this piece of data we are able to provide a backup verification method.
- The data is required by a third party, with whom we do not yet have a GDPR-compliant contract. For example, a registry might require that the registrant’s postal address be on file in order to complete a domain registration. If we don’t have a GDPR-compliant contract with this particular registry, we would have to request consent from the data subject to process and share this extra piece of personal data before completing the registration.
- Enom GDPR info page: https://www.enom.com/support/the-gdpr
- Changes to Domain transfer process: https://www.enom.com/blog/changes-to-the-domain-transfer-process/
- How will the GDPR impact Whois?: https://www.enom.com/blog/will-gdpr-impact-whois/
More general information about the GDPR policy can be found here: