This document discusses the GDPR and its impact on WHOIS compliance for Indian stakeholders. GDPR is a new EU data protection regulation that takes effect in May 2018 and requires organizations globally to empower individuals with control over their personal data. It conflicts with the current WHOIS system where domain registration information is publicly accessible. To comply, domain registries and registrars have implemented changes like masked, thin, or private WHOIS lookups. Indian companies that deal with EU personal data, like domain registrars, hosting providers, and website/SaaS companies will need to review their processes to ensure GDPR compliance and could face fines of up to 4% of annual turnover for violations. The changes impact how personal data flows within the domain industry
Russian Call girls in Abu Dhabi 0508644382 Abu Dhabi Call girls
GDPR and WHOIS Compliance - Impact on Indian Stakeholders
1. GDPR & WHOIS Compliance
Impact on Indian Stakeholders
Arun Bansal – CEO, ServerGuy
2. What is GDPR ?
• GDPR or General Data Protection Regulation is a significant new EU
Data Protection Regulation
• Approved in April 2016, the GDPR is enforceable May 25th, 2018 and
replaces the current EU Data Protection Directive
• Not just for EU Organizations but any Organization Globally which
targets or monitors EU Citizens
• A key aim of GDPR is to empower individuals
3. Key Terms under GDPR
• Data Subject – The person to whom the information relates.
• Personal Data – Any information related to an identifiable
person.
• Data Processing – Obtaining, recording or holding information, or
carrying out any operation on said information.
4. Key Terms under GDPR
• Data Controller – The entity that determines the purpose for
which and the manner in which data is processed.
• Data Processor – Any person or entity who processes information
on behalf of a data controller.
• Subject Access Request – A written request from an individual
requesting action on the data held about them. This can mean
notifications about what data is possessed, where it is stored,
corrections to that data and also the outright deletion of it.
5. Examples of Personal Data
• a name and surname;
• a home address;
• an email address such as name.surname@company.com;
• an identification card number;
• location data (for example the location data function on a mobile phone)*;
• an Internet Protocol (IP) address;
• a cookie ID*;
• the advertising identifier of your phone;
• data held by a hospital or doctor, which could be a symbol that uniquely
identifies a person.
6. Rights of Data Subject
• Right of access
• Right to rectification
• Right to erasure
• Right to restrict processing
• Right of portability
• Right to object
7. What is WHOIS?
• WHOIS is a protocol
• For querying the internet databases that store information on users or assignees of
internet resources. WHOIS registries typically contain organizational information in
addition to domain names, IP address blocks and other autonomous systems. In
many ways,
• WHOIS is like an internet phonebook.
• Worldwide public log of every domain
• It’s used for a range of activities, from security research purposes to helping
complete domain control validation checks for Certification Authorities.
10. The Conflict between GDPR & WHOIS
Domain name registries and registrars, who are
required by ICANN, the global domain name authority,
to list the personal information of domain name
registrants in publicly-accessible WHOIS directories.