GDPR Compliance Issues Could Cause WHOIS Directory to Go Dark

The deadline for compliance with the EU’s General Data Protection Regulation (GDPR) is fast approaching, and an astounding number of organizations are woefully unprepared to meet it. A new survey of IT decision-makers by Crowd Research Partners found that a whopping 60% of organizations will likely miss the GDPR compliance deadline of May 25, 2018, even though 80% of respondents listed GDPR compliance as one of their organization’s top three priorities. A closer examination of the findings paints an even grimmer picture: * Only 7% of respondents reported having already achieved GDPR compliance. * 28% of respondents hadn’t even begun working toward the May 28 GDPR compliance deadline. * 43% of respondents cited an internal skills gap as a stumbling block to GDPR compliance, while 40% blamed budget issues. Among these organizations is ICANN. Yes, that ICANN, the non-profit organization responsible for IP address space allocation, DNS management, and other duties that ensure the reliable, stable operation of the internet. EU Authorities to ICANN: Achieve GDPR Compliance or Else At issue is the WHOIS directory, which acts as a sort of “internet phonebook” and contains the personal identifying information (name, address, phone number, etc.) of everyone, whether a person or an organization, who owns a domain name. As it currently functions, WHOIS is in violation of the GDPR, and ICANN has admitted that it won’t be able to make WHOIS GDPR compliant by the May 25 deadline—despite having had two years to come up with a solution. ICANN has proposed an interim solution it calls “The Cookbook,” but EU authorities have found it severely lacking. The ongoing debacle has put the future of WHOIS into jeopardy. Barring a major development, the service may become fragmented or even go completely dark on May 25, a prospect that has put IP atto eys, cyber security experts, and law enforcement agencies, who depend on WHOIS to enforce intellectual property rights and track down cyber criminals, on edge. ICANN is pleading with European data authorities for an extension, but many experts doubt one will be granted. ICANN has had two years to prepare for the GDPR; additionally, the EU has been sending it written warnings about WHOIS violating other European data privacy laws for at least six years. Instead of preparing for the inevitable, ICANN chose to sit on its hands. Is Your Organization Prepared for the GDPR? Organizations that violate the GDPR face fines of up to 20 million euros (approximately $24.6 million) or 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher. The stakes are incredibly high, and the time left to prepare is critically short. Find out where your organization stands right now. Click here to take Continuum GRC’s free GDPR readiness assessment and download your report today.