You’ve probably heard mention of the GDPR, and likely have many
Last updated: January 8, 2018
The European Union’s General Data Protection Regulation (“GDPR”) lays out a new set of rules for how the personal data of people living within the EU ("EU-local individuals")* should be handled. Though it’s complex and far-reaching, at a high level, the GDPR can be understood in terms of three fundamental concepts:
1. Consent and Control
Clear, informed consent and individual control over the use of personal data are basic rights in the GDPR. Any business taking personal data must not only obtain
The GDPR imposes requirements around how companies should address security breaches that expose sensitive personal information. Anyone whose information may have been exposed must be notified as soon as possible, and that notice should include an explanation of what happened, what’s being done to fix it, and what those affected should do to protect themselves. This type of information empowers each person to respond in the way they think is best in each circumstance in order to protect their own privacy.
3. The right to be forgotten
Under these new rules, EU-local individuals have the right to revoke consent for a service provider to use their data. When this happens, the provider must essentially erase all record of the individual, giving them a fresh start. This requirement is not without consequences or limitations: some services can’t be provided without personal information, and sometimes personal information has to be kept for reasons of public interest or relating to legal claims.
The GDPR comes into full effect on May 25, 2018. We recommend that you start preparing now.
The GDPR helps protect individual privacy in the digital age. The European Union views the protection of personal data as nothing less than a fundamental human right, alongside other rights such as freedom of expression, freedom of thought, and the right to a fair trial. Although there are other existing privacy laws in effect already, the GDPR is different in its scope of applicability and because significant fines may be levied for non-compliance.
The GDPR replaces the 1995 EU Data Privacy Directive, harmonizing privacy laws across the EU. Once it comes into effect on May 25, 2018, it will be
The GDPR impacts you if you have customers who live in the EU ("EU-local individuals")*. You now need to ensure that you’re obtaining permission from these customers to use their personal
While the rules outlined in the GDPR apply only to EU-local individuals*, changes to how data is collected and handled may happen on a global scale as companies modify their existing practices to ensure they are compliant with these new regulations. We will try to minimize any disruption to our domain management and registration processes for registrants and resellers.
It’s important to get started now so you’re able to fully understand the implications the GDPR could have upon your business, and plan effectively to meet the updated requirements. This should involve a talk with your lawyer(s). Though we’re making an effort to supply resources and context, the information we’re providing should not be considered legal advice. Seeking professional legal counsel from someone who is familiar with your specific situation is critical. We encourage you to watch this page for updates and take a look at the resources below. You can continue reading for more information on what we’re doing to prepare.
We will be keeping two things in mind:
Here’s what you can expect
We’ll implement a post-purchase consent request, similar to the WhoIs Verification request we send when a new domain is registered. We may combine the two into a single request if both verification and consent are needed at the same time.
We already store your data securely, but we’re doing some internal review to see how we can strengthen our protections to keep information safe. We’ll also be reviewing our data retention processes, and putting in place a method for people to request erasure of personal data from our platform.
We would like to reinforce this point: Tucows does not share personal data beyond what’s needed to provide the service that the client ordered. We never sell our clients’ personal information, and we certainly aren’t going to start now.