In preparation for the GDPR enforcement date of 25 May 2018, Nominet have confirmed the key changes on how the EU General Data Protection Regulation will affect its operations with regards to UK domain name registrations and the way it manages the WHOIS database. These are as follows:
- Registrant data will be redacted from the WHOIS from 22 May 2018, unless explicit consent has been given.
- Law enforcement agencies will nonetheless be able to access all registry data via an enhanced Searchable WHOIS service available free of charge.
- Other interested parties requiring unpublished information will be able to request access to this data via our data disclosure policy, operating to a 1 working day turnaround.
- The registration policy for all .UK domains will be standardised – replacing the separate arrangements currently in operation for second and third-level domains.
- The .UK Registrar Agreement will be updated, renamed the .UK Registry-Registrar Agreement, and will include a new data processing annex.
- The existing Privacy Services framework will cease to apply.
Please note this only applies to UK domains including .co.uk, .ltd.uk, .me.uk, .org.uk and .uk. The changes for other TLDs maintained by ICANN in preparation for GDPR is yet to be finalised.