The General Data Protection Regulation  [GDPR]

The General Data Protection Regulation is a European Union (EU) law regulating the way personal data of EU citizens and residents can be gathered, used, stored and transferred.

GDPR is a EU Regulation, which is a binding legislative act that must be applied in its entirety across all EU Member states. (Compared to a Directive, which sets a goal but leaves it to the individual Member states to devise their own legislation on how to reach the goal).

The Regulation is relevant for all organisations based in the EU that collect or process data from EU residents, but also applies to organisations based outside the EU if they collect, store or process personal data of EU residents. GPDR entered into force on 25 May 2016 and will be enforceable starting 25 May 2018.


ICANN Information on GDPR (January 2018)

Data privacy and data protection regulations are currently undergoing developments that may impact specific areas of the ICANN organization’s work. ICANN’s landing page contains a current listing of ongoing projects at the ICANN organization related to data protection and privacy matters, and is intended to provide easy access to this information. You can find the landing page at

Legal Analyses, Proposed Compliance Models, & Community Feedback:

ICANN Webinar on 04 October 2017:

GDPR Models and Proposals submitted to ICANN

Proposal of eco (Association of the Internet Industry) Playbook GDPR:

Proposed Interim Models for Compliance with ICANN Agreements and Policies in Relation to the European Union’s General Data Protection Regulation:

Draft Model to Address the GDPR submitted by Coalition for Online Accountability:


GDPR Solutions (October 2017 update)

The geoTLD group has been working with its European members and partners to survey best practices in terms of GDPR Registry solutions.

Key Registries Backend Providers such as AFNIC, CORE and SIDN, who bring years of experience of GDPR-like local legislation, implemented GDPR measures to run .fr, .cat and .nl respectively, and all manage New gTLDs, giving them a thorough understanding of the program; have helped us draw the landscape.
We derived from their experience a set of possible solutions, trying to maintain existing New gTLD obligations where ever possible, suggesting amendments where they are in conflict with GDPR, to offer working solutions to Whois, Escrow and other issues raised by GDPR.

Find our presentation at  geoTLD-GDRP-Solutions.public.pdf


GDPR Survey (May 2017)

See all the results at – GDPR survey report – June2017

General Data Protection Regulation

GDRPRegulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC  – 

Information website by the European Union:

The GDPR Survey

The launched a survey to gather information on the awareness and state of preparations within the domain name industry for the General Data Protection Regulation (GDPR).

The online survey was launched on 5 April 2017. It was amongst other announced on the mailing list of different Supporting Organisations (SOs) and Stakeholder Groups in the ICANN community and on the website.

This report reflects the feedback we received on the survey between its launch on 5 April and the end of May 2017.

See all the results at – GDPR survey report – June2017


Purpose & Disclaimer

The geoTLD.Group survey aims at getting an indication of GDPR awareness within the domain name industry and the state of preparations of industry players for the 25 May 2018 deadline for GDPR enforcement.

The survey collects information on issues Registries, Registrars and other players identified and on the measures they intend to implement on legal, policy, technical or other levels.

This survey report is not a legal analysis of GDPR nor a guide for individual companies on measures or required changes to policy or processes for the collection, processing and storage of data on EU residents and domain holders in line with the new EU legislation. It is either our intent to assess the merits of the different solutions.

We hope that this survey report contributes by raising awareness on GPDR, by showing how different players assess the impact of GDPR on their business, by listing what issues they identify and what measures they plan to take. We also hope that the information in this report is relevant and practical input for the community policy discussions at ICANN 59 in Johannesburg and beyond.