How does the GDPR affect domain transfers?
Regarding ccTLDs (such as .nl, .be, eu, .cn or .cl), little has changed. We are not aware of any registry that changed its transfer procedure.
Regarding gTLDs (such as .com, .info, .london or .shop), the transfer procedure depends on what information is available in the whois records of the domain name to be transferred:
- If an e-mail address of the owner and/or administrative contact is available, the transfer starts with an e-mail to those contacts. After the domain contact approves the transfer, it will be requested at the registry. After 5 days it will automatically be completed.
- If no e-mail address is available in the whois records, we request the transfer at the registry immediately. After 5 days it will automatically be completed.
You can find the current step in the transfer process in the details of the domain name in your control panel.
Full information about the transfer process for each extension is available in the Documentation per TLD pages.
How do I remove personal data from the whois?
Under the GDPR, no personal data may be shown anymore except when there is consent, when it is required by law or when there is a legitimate interest. In most cases all personal data is removed from the whois output unless the domain holder has explicitly consented to publication.
However, we see that several registries still publish more or less personal data. Examples of these are
- EURid (.eu) who still shows the e-mail address of the owner (rationale: required by the European Commission and there's a legitimate interest in being able to contact the domain owner)
- AFNIC (.fr), NIC ES (.es) and SIDN (.nl) who still show the name of the owner, even if it is a private individual
- DK Hostmaster (.dk) who still shows all personal data (rationale: it's required by local law)
We expect that registries in the course of the first months to years after the GDPR will review their whois strategy, so changes may be seen over time.
If you want personal data to be removed from the whois, you should file a complaint with the data controller: the registry. Contact details may be found on the registry's websites.
An easier way of removing personal data is using our Whois Privacy Protection services, if it's available for that specific extension.