ICANN is scrambling to be compliant they write... We've all had 2 years notice since the GPDR has been adopted! And if you 'didnt know', you have bigger organizational problems.
I understand it is a lot of annoying work, but adtech and data brokers (etc etc) have been gutting privacy and the internet for long enough. We've let it come this far, now we get regulated.
(disclaimer: I only started working on compliance this year, do as I say, not as I do ;))
It's worse than that. Article 29 Working Party (WP29) - which deals with data protection has said since 2003 (well over a decade!) that Whois is not compatible with EU law [0]. They just didn't have a way to enforce it before GDPR.
But ICANN are delusional idiots, maybe because they get so much money from US intellectual property interests. They did nothing, and then seemed to think that they could get a moratorium on enforcement. But even their own Non-Commercial Stakeholders Group basically told them to get lost [1].
It's a fascinating story of just how terrible ICANN is. As always, the Register has a great write-up [2].
One thing it clear, they deserve it. I do feel bad for registrars though, and hope they had more sense than ICANN and developed a plan B.
We've all had 2 years notice since the GPDR has been adopted!
Have we really? The first it cropped up on my radar was late 2017 and I'm in a business that adheres very strictly to EU DP best practices (so was already mostly GDPR compliant).
I'm not sure whose job it was to promote awareness of this but Britain's data protection agency certainly didn't do a good job of it given they've had my email address for years(!)
I understand it is a lot of annoying work, but adtech and data brokers (etc etc) have been gutting privacy and the internet for long enough. We've let it come this far, now we get regulated.
(disclaimer: I only started working on compliance this year, do as I say, not as I do ;))