Skip to content

GDPR General Guidance For Internet Infrastructure Companies

GDPR General Guidance For Internet Infrastructure Companies

The GDPR (General Data Protection Regulation) is a regulation approved by the European Union on April 14th, 2016 with a two-year implementation phase. On May 25th, 2018, everyone who deals with the personal data of European Union residents needs to be compliant with this regulation, whether your business is in the EU or not. Our goal is to provide a broad overview of GDPR to web hosting providers, data center operators, cloud infrastructure providers, and other Internet infrastructure companies. With this information, your company can begin moving toward compliance. We’ll provide an overview of GDPR tools for risk assessment and give broad tips for generating a GDPR plan. These are not one size fits all solutions. These are for general awareness of the tools, issues, and risks. This document is not legal advice.

Then we’ll be carving out a different place for the domain name provider part of our industry, and explaining the additional complications they are facing by giving a brief overview of what is happening with WHOIS. WHOIS is a query and response protocol that stores registered user or assignee information associated with a domain name. There will be changes to WHOIS as a result of GDPR.

Who Needs To Pay Attention To This?

The data protection concepts laid down in the GDPR are not news to European companies. However, they might be new concepts for many non-European companies. If you are a globally focused Internet infrastructure company, you will need to comply.

If you collect, store, process, or handle data containing personally identifiable information (PII) about your customers, you are likely a data processor, and in some cases a data controller. Data processors handle data on behalf of data controllers. Consequently, you need to know about these new regulations. If you do business with persons in the European Union, at all, you need to do some research to make sure you are (or will be) in compliance. Chances are, you’re not! You will need to change some of your data collection or at least practices. Then you’ll need to explain what you’re doing with the data you’re collecting.

Want To Read More?

Use the form below to download the paper!