GDPR Roundup: Basics & best practices

If you’re anything like me, you’ve spent the days since our first GDPR blog post thinking nonstop about the policy’s potential impacts on the domain world. Okay, maybe you have other things to do with your time… But luckily, there are a lot of great minds at work on this issue. This week, I’d like to share a few links that give some useful background information and starting points as you think about what the GDPR means for you and your business.

1. ICANN: Data Protection/Privacy Issues

ICANN is the global nonprofit organization that coordinates the technical and operational services of the internet. This page on ICANN’s website lists various data privacy-related projects, including information and resources about ICANN’s work related to the GDPR. Especially of interest are the October 18 blog post and the November 2 announcement from the Contractual Compliance team; the blog post acknowledges that the GDPR will affect how Whois is displayed, and the November 2 statement talks about how contractual obligations will be handled in a post-May-25-2018 world. Both are important starting points in understanding how aspects of the industry are likely to change under the GDPR; ICANN and the organization’s larger community have yet to determine a consistent, official approach to responding to the challenges presented by the policy.

2. GeoTLD.Group: GDPR Info Page

As its name might suggest, this not-for-profit represents the interests of the various registries that operate geographic top-level domains worldwide. The GeoTLD Group has put together several useful reports and presentations about the GDPR, including a review of best practices from registries that already follow similar regional data-privacy laws. They also conducted a general survey of the domain industry which provides insight into the policy’s impact on domain-related businesses and what measures these companies are incorporating into their implementation plans.

3. IAPP: Top 10 Operational Impacts of the GDPR

The International Association of Privacy Professionals wrote ten articles looking at different aspects of the GDPR. I particularly liked their review of what Consent looks like under the GDPR and their Consequences for GDPR Violations piece really brought home just how much this new regulation overshadows other data-privacy laws, including the EU’s previous Data Protection Directive, in terms of its scope and enforcement mechanisms.

Ultimately, I find it reassuring that so many different groups are thinking about what changes might be needed for compliance with the GDPR. Getting your business ready can seem like a daunting task, but seeking legal counsel and familiarizing yourself with the basic concepts will ensure that you’re prepared. You can subscribe for updates and helpful resources on our GDPR page.