GDPR – how has it impacted domains and WHOIS records?

On May 25th, 2018, the General Data Protection Regulation (GDPR) came into force. Its impact is being felt not only by businesses and individuals, but also by security researchers, investigators, and those who offer security products and services that rely on WHOIS data.

The Impact

The most significant impact of GDPR on the domain industry comes from the changes to the WHOIS policies of ICANN (Internet Corporation for Assigned Names and Numbers). ICANN, domain registries, and domain registrars reacted to GDPR by introducing a new policy requiring alteration of personal information, which changed the landscape of domain registrations.


Within the domain industry, the most significant impact of GDPR is on how registrant data is handled in the public WHOIS. WHOIS is a protocol that all registrars must implement, and it is used to provide information about a domain to the general public. In response to problems with spam arising from publicly available information, as well as the risk of public information being used to harass or harm domain holders, domain registrars started offering WHOIS privacy long ago.