DigiCert Compliance with GDPR
The General Data Protection Regulation (GDPR) is a European Union law on data protection and privacy for all individuals within the EU. The primary aim is to give citizens and residents of the EU more control over their personal data and to simplify the regulatory environment for international business by unifying the regulations within the EU. The GDPR went into effect on May 25, 2018. More Details »
DigiCert worked to understand and comply with GDPR. We were aligned with GDPR when it went into effect on May 25, 2018. See Meeting the General Data Protection Regulation (GDPR).
GDPR Impact on WHOIS-based Email Domain Control Validation (DCV)
The European Union’s General Data Protection Regulation (GDPR) went into effect on May 25th, 2018. The GDPR requires data protection for natural persons (not corporate entities) residing within the European Union (EU).
DigiCert worked with ICANN to keep WHOIS information available. ICANN announced that it continues to require registries and registrars to submit information to WHOIS, with a few changes to address GDPR. See A Note on WHOIS, GDPR and Domain Validation.
Do you rely on WHOIS-based Email domain validation?
Check with your domain registrar to find out if they are using an anonymized email or a web form as a way for CAs to access WHOIS data as part of their GDPR compliance.
For the most efficient validation process, let your registrar know that you want them to either continue using your full published records or use an anonymized email address for your domains. Using these options will ensure minimal-to-no-impact on our validation processes.
Does your registrar use an anonymized email or a web form as a way for CAs to access WHOIS data? If so, we can send the DCV email to the addresses listed in their WHOIS record.
Does your registrar mask or remove email addresses? If so, you will need to use one of the other methods to prove control over your domains:
For more information about constructed email addresses and other alternative DCV methods, see Domain Control Validation (DCV) Methods.