How GDPR will affect your domain names

Are you ready for GDPR? In this article, we offer some advice about what you need to consider when it comes to GDPR and domain names.

On the 18th May 2018, GDPR (General Data Protection Regulation, or Allmänna Dataskyddsförordningen in Swedish) will come into force. GDPR is a European regulation that aims to strengthen protections for the use and storage of individuals’ personal data. In Sweden this effectively replaces Personuppgiftslagen – also called PUL.

GDPR requires that companies manage personal data in a certain way – and this can have significant implications for domain names.

The biggest impact of GDPR on domain names affects those that have their registration details publicly listed on WHOIS. This is an area where your company can protect your employees and be compliant with GDPR by ensuring that the appropriate registration and ownership details are used.

GDPR provides an additional reason why you shouldn’t use employees’ personal information – such as their email addresses, telephone numbers or names – as registration data for domain names. To protect personal data and to avoid unnecessary fines or sanctions, we recommend that you use non-personal, generic information instead.

Besides protecting personal information, there are other benefits to using non-personal registration details for domain names. At Dotkeeper, we’ve made a film about this, here (in Swedish). The advantage for companies is that there is less risk and simplified administration if domain names are not linked to individuals. For example, when an employee leaves a company it can be a struggle to access or make changes to a domain portfolio if everything is registered to a specific personal e-mail address.

The other common scenario is that registration information is forgotten when companies are bought and sold.

Another piece of advice ahead of the launch of GDPR is that you should equip your website with SSL certification to encrypt traffic between your website and its users. This sends a clear, unambiguous signal that you value your customers’ personal data and will take steps to protect it.

Here’s a checklist for adapting your domain names for GDPR:

1. Depersonalize all ownership information – use a general email address, your company name and a reference number.

2. Set up SSL certification on your websites.

 

Do you want to know more about how we at Dotkeeper can help you to make your domain names GDPR compliant? Contact us, and we can tell you more.

Note: The above text is for guidance only and should not be considered as legal advice.