GDPR Six Months Past May 25th, 2018
Funny how GDPR was the only thing that the domain industry was talking and thinking about before May 25th and today we hardly hear anything except at an ICANN conference - because ICANN is still trying to figure it out 100% themselves. Some striking observations on GDPR since the end of May:
- Registry operators and a handful of registries have updated their RRA to reflect GDPR and have a Data Processing Agreement (DPA) with registrars. Many smaller registries neither provided an updated RRA or a DPA.
- Registries also made a number of GDPR based announcements prior to May 25th, many still haven't technically implemented anything.
- Registrars also made a number of GDPR announcements before May 25th, but since tracking our competitors, registrars haven't said or done anything else on GDPR since.
So, Is The Domain Industry Now Compliant?
In my opinion, it's a big fat no. Not even close. First, ICANN is still working out (and is still in the discussion phase) the full model for compliance and is also a three time loser in their Whois GDPR legal war. As a registrar, we would expect all registries (big and small) to have updated their RRA and presented a DPA. Lastly, since we keep an eye on our registrar competition, we get notices and updates on what other registrars are doing on GDPR too. In a nutshell, GDPR is not even a back seat issue, it's in the trunk of the car and no one wants to open it to let it out.
Okay, We All Have GDPR Work Still Left To Do, Now What?
To be fair, there is probably ongoing GDPR efforts throughout the industry, which can't be observed through emails, notices and monitoring of competitors. Case in point is HEXONET itself, where a number of GDPR improvements are in our goal planning and also in our engineering plans. Luckily for us, we were already fairly compliant with GDPR prior to May 25th since we are a German based company (1API GmbH - our house registrar). Germany has long had very strict privacy laws and in fact much of the GDPR was based on these laws in Germany. The next steps are not just to keep compliant, but making GDPR a value add for our customers and resellers.
GDPR At HEXONET
Keeping in mind that GDPR implementations are still yet to roll out from various registries and that the rules of GDPR are not static. The policy itself is likely to be adjusted in the coming years. HEXONET's goals for GDPR are simple:
- Work with and pay legal/industry experts, in the field of GDPR, to ensure we have a full understanding of GDPR changes and subsequently the best implementation strategy.
- For our direct customers, we want to stay ahead of the curve on customer data privacy and policy, for their protection.
- For our resellers and registrars that use HEXONET as their service provider, we will continue embedding and automating compliance (if possible) into our service to minimize the effect and work of GDPR on our partners.
For support or questions on GDPR at HEXONET, please feel free to contact us at firstname.lastname@example.org
Visit our website for information on domains and other products offered at HEXONET.