The European Union’s General Data Protection Regulation (GDPR) came into being on 25 May 2018. For gTLDs ICANN still hasn’t developed a permanent policy on how to deal with it. For ccTLDs it was somewhat simpler. The lawyers at Austria’s ccTLD manager, nic.at, have given their verdict in a Q&A published on the registry’s website last week.
Barbara Schloßbauer says that “nobody could anticipate what would actually happen after the implementation of GDPR” but changes implemented include Whois data for individuals that is now available “only includes the domain name, the registrar responsible, and necessary technical information. In addition to this, an information request form has been developed, enabling eligible people to find out who the domain holder is. The main variable was the consumers’ reaction to that, as we didn’t know how many Whois requests had been sent in the past concerning natural persons. In the end, it has all been much more easygoing than expected – the extent of requests is definitely manageable.”
Schloßbauer said that implementation wasn’t as difficult as it might have been given that nic.at already ISO 27.001/2013 certified and this certification “is based on the same systems.” Bernhard Erler commented “the GDPR topic had been a priority for all departments. In the end, there was no department which wasn’t involved in the whole process – even though the daily business had to proceed without any interruptions, the collaboration was excellent.”
On a positive note, Erler said “the most notable thing was that the topic of data protection became the focus of attention within nic.at. GDPR has managed to greatly raise awareness in relation to the importance of taking care of data.” Further, Erler believes this care of data “is also the main positive effect of GDPR: the establishment of awareness of the interaction with data – data protection is now definitely an issue of public interest.”
To read the complete Q&A with nic.at’s lawyers Barbara Schloßbauer and Bernhard Erler, see their “Happy Birthday, GDPR” here, or for the German version here.