Will WHOIS ever be the same, post-GDPR?

With the General Data Protection Regulation (GDPR) now in force, brand protection experts are having to familiarize themselves with the challenges this introduces relating to online brand protection. One of the most significant of these is the fate of WHOIS, the domain name lookup service.

WHOIS was a vital tool for consumer and brand protection efforts, but since the GDPR was enforced on May 25, important registrant data has become unavailable to the public. WHOIS in its previous form was not GDPR compliant, as it displayed personally identifiable data including names, email and home addresses and more.

In late May, the Internet Corporation for Assigned Names and Numbers (ICANN) approved a Temporary Specification for the display of WHOIS data. Registries and registrars are required to follow this specification, which allows registrars and registries to mask all registrant data, regardless of whether the registrant is a resident of the European Economic Area or not.

How to move forward

Until an accreditation and access model – which gives the relevant authorities and brand protection organizations access to the full list of data that’s hidden behind the wall – is in place, brand protection experts will have to send complaints to the registrar abuse contact or file court actions to get access to the masked WHOIS data.

Alternatively, we could simply find an alternative to WHOIS altogether. Over time we will see the emergence of new technologies that take information from other websites to aid brands in their protection efforts, and – once this technology becomes sophisticated enough – we could stop relying on WHOIS altogether.


The instability of the WHOIS situation might cause anxiety among many, but brands have no choice but to continue with their brand protection efforts as best they can. While we cannot predict the long-term impact of GDPR on WHOIS, we can be sure that the future of brand protection will encompass a much wider range of tools and solutions to get the job done.

Find out more information about new solutions for effective post-GDPR brand protection here.