The European Unionâs General Data Protection Regulation (GDPR) came into being on 25 May 2018. For gTLDs ICANN still hasnât developed a permanent policy on how to deal with it. For ccTLDs it was somewhat simpler. The lawyers at Austriaâs ccTLD manager, nic.at, have given their verdict in a Q&A published on the registryâs website last week.
Barbara SchloÃbauer says that ânobody could anticipate what would actually happen after the implementation of GDPRâ but changes implemented include Whois data for individuals that is now available âonly includes the domain name, the registrar responsible, and necessary technical information. In addition to this, an information request form has been developed, enabling eligible people to find out who the domain holder is. The main variable was the consumersâ reaction to that, as we didnât know how many Whois requests had been sent in the past concerning natural persons. In the end, it has all been much more easygoing than expected â the extent of requests is definitely manageable.â
SchloÃbauer said that implementation wasnât as difficult as it might have been given that nic.at already ISO 27.001/2013 certified and this certification âis based on the same systems.â Bernhard Erler commented âthe GDPR topic had been a priority for all departments. In the end, there was no department which wasnât involved in the whole process â even though the daily business had to proceed without any interruptions, the collaboration was excellent.â
On a positive note, Erler said âthe most notable thing was that the topic of data protection became the focus of attention within nic.at. GDPR has managed to greatly raise awareness in relation to the importance of taking care of data.â Further, Erler believes this care of data âis also the main positive effect of GDPR: the establishment of awareness of the interaction with data â data protection is now definitely an issue of public interest.â
To read the complete Q&A with nic.atâs lawyers Barbara SchloÃbauer and Bernhard Erler, see their âHappy Birthday, GDPRâ here, or for the German version here.