General Data Protection Regulation
The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It comes into force on the 25th May 2018, replacing the existing data protection framework under the EU Data Protection Directive.
GDPR primarily aims to give EU citizens and residents better control over their personal data. Under the regulation, organizations must be upfront about the uses of the data and keep data subjects fully informed about how and why their personal data is used. It gives them clearly defined rights in relation to their data and places stringent obligations on the organizations that handle this data including requiring them to make sure it is used and disclosed only for its intended purpose, is kept secure and accurate, and is not retained longer than necessary.
Irish Domains have been working behind the scenes for some time in order to prepare for GDPR including improving documentation and internal procedures, reviewing security measures on our systems, and checking contracts with all our suppliers and partners to ensure compliance.
How this affects you
For many of our services there will be no obvious difference to customer in the way they operate, but there is clearer information on our websites to inform customers about the way we handle their personal data, and the rights and obligations of everyone involved. For some services the effect of GDPR will be more noticeable. As an example, for most top-level domains the amount of personal information that is displayed on public whois services will be reduced or even completely removed.
For data subjects, the most important new document is our Privacy Statement that replaces our old Privacy Policy and explains exactly what data we collect, what happens to it, and the rights they have in relation to it.
Another addition is our Service Specific Provisions document that delves much deeper into the data protection implications of individual services and contains information on the responsibilities of each party as well as containing information about retention and possible disclosures etc.
For all customers, we have adjusted our Terms & Conditions to ensure they include any new requirements of GDPR. This is especially important in relation to customers who are data controllers and/or resellers so that they are exchanging data with us on a more explicit contractual basis that complies with the regulation.
