As announced earlier, we are gearing up towards compliance with the European Union’s General Data Protection Regulation (GDPR) and will be making a few changes to the platform accordingly.

There are four important changes you should take note of:

  1. Changes to our Client Area & Control Panel
  2. API changes
  3. GDPR Protection
  4. Some TLDs may display WHOIS information

Changes to our Client Area & Control Panel

Data Transfer and Marketing Consent:

New checkboxes have been introduced to the storefront that are shown to EU users. These will be shown when a new user selects a country from the European Economic Area and indicates that their account will be associated with that region. The other condition is when the user is an existing one and logs in to select an EEA country contact to associate with the domain name purchase; the checkbox will be shown before transaction completion.

Please find a brief understanding of these checkboxes below:

1. Your Terms of Service & acknowledgment of your Privacy Policy.

You are solely responsible for providing your customers with a Privacy Policy that accurately describes what data you collect from your customers and how you store, use and share or disclose such data and what choices your customers have with respect to such data.

2. Receiving marketing emails from you by providing your customers with the opportunity to opt out of receiving such emails.

If a customer opts out of receiving marketing emails, that customer’s email preference will be sent to you in the customer sign up email. You must exclude all customers who opted out from your marketing email campaigns.

PLEASE NOTE: While we have currently provided you with the functionality to allow your customers to opt-out of receiving marketing emails, it is solely your responsibility to determine whether it is appropriate for you to rely on this opt-out solution or if you are required to obtain opt-in consent from your customers through alternative means.

3. For new sign-ups, the interfaces will collect consent from the customer to allow personal data transfers outside the EEA for processing because our platform servers are located in the USA.

4. If you are using our API to send user sign up forms to the platform, please use the API methods here to send the consent you collect to database. You can also log this on a local DB to manage the opt-in based marketing for new customers.

Control Panel

1. Enabling/Disabling GDPR Protection: Customers from all EEA countries using the customer control panel will be given an option to enable or disable the GDPR Protection, which masks the customer’s WhoIs data to comply with the GDPR requirements, from their control panels. However, by default GDPR Protection for EEA customers will be enabled.

2. There are a few tools available in the market that can help you draft a GDPR compliant Privacy Policy and make it GDPR compliant at a minimal cost:

https://termsfeed.com/privacy-policy/generator/ is an example Other such tools are listed here: https://digital.com/blog/best-privacy-policy-generators/


API changes

For all using the API, we will be making some changes to a few domain registration API calls which you will need to incorporate in your existing domain registration setup.


GDPR Protection

You can read it once again on our blog here. Starting next week, you’ll see that the data on WHOIS for domains owned by EEA registrants is getting masked. This masking process is automated, will be ongoing and will be completed across all relevant domains on the platform. Our goal is to complete this process within the next week itself, however there is a possibility of a spillover.


Some TLD Registries may display customer WHOIS information

GDPR Protection will not be available for new and existing registrations  for certain TLDs. As of May 17, 2017, these TLDs are : .AU, .BR, .CA, .CN (2nd and 3rd level), .DE (2nd and 3rd level), .EC (2nd and 3rd level), .EU, .RU (2nd and 3rd level), .UK (2nd and 3rd level), .US, .ECO, .JOBS, .NGO/.ONG, .NYC and .TEL.

These TLD registries may not mask registrant personal data completely and may display some personal data in the WHOIS. Where we are the registrar on record, we will send an email to the registrants of those domains informing them that their personal data could be displayed in the WHOIS. If you are a registrar of such domain names under your management, we recommend that you reach out to your registrants to inform them about this exception.

Sale of .ES domain names after May 25, 2018

The .ES registry is an exception to the list mentioned above.  Currently, the .ES registry does not accept masked data and has not committed to masking personal data. The .ES registry also places a restriction on registrants modifying their contact details or selecting a different contact as the registrant contact for a registered .ES domain name.

In light of this restriction, effective May 25, 2018 we will stop new sales of .ES domains on the Client Area platform. Please note, however, domains already purchased will continue to remain un-masked in WHOIS searches.

How does GDPR Protection differ from Privacy Protection?

1. By default, personal data of EEA customers will be masked under “GDPR Protection.”

  • However, Privacy Protection will remain an optional purchase for EEA  registrants.
  • GDPR Protection will only mask an EEA registrant’s data, it will not forward any emails to the registrant.

2. For all non-EEA registrants, Privacy Protection remains the default domain data protection service.

  • With the purchase of Privacy Protection, GDPR Protection will be turned off and data will be masked with the paid plan of www.privacyprotect.org
  • Privacy Protection can be turned off in the customer’s control panels & API (verification link is NOT sent on email)
  • Privacy Protection remains beneficial for customers interested in having emails forwarded to them (e.g., for customers who are interested in sales opportunities for their domains, transfer requests, and fielding other communications) without publicly displaying their personal data.
  • The email address displayed on WHOIS will be contact@privacyprotect.org
  • Parties interested in contacting the domain owner can fill out a form on the website and contact the domain owner through a forwarding service

3. Notwithstanding the foregoing, access to the personal data of domain name registrants inside and outside the EEA may be granted when such access is necessary for technical reasons such as for the facilitation of transfers, or for law enforcement when it is legally entitled to such access.

Sample GDPR Protection Screenshot:

Click here to see a sample screenshot of how the GDPR Protection placeholder data will be displayed in the WHOIS response.


Our teams are working around the clock to ensure that the Client Area platform will be GDPR compliant by May 25, 2018. We will keep you updated on our progress and inform you of any proposed changes and when they will happen. If you, or your customers, have any additional questions, please do not hesitate to contact us.

Monday, May 21, 2018





« 返回

Powered by WHMCompleteSolution