Shortcut to this article: opensrs.help/gdpr

Overwhelmed? Start with this checklist. 

Resource links

• End-user consent request emails - The means by which we send the Data Use Consent Settings page URL (see below) to the registrant. 
• Data use consent settings pages - The location from which a registrant can set, view, and update their consent preferences or revoke consent.
• Tucows.help/data-use - A reference tool for registrants and resellers, this easy-to-search info page houses the data-processing details for each TLD we offer, including the name of the provider, which pieces of personal we data process, and the legal basis for processing each.
• Transfer in email
• Transfer in landing page
• Consent management sample flow - consent choice change
• Consent management sample flow - new registration
• Transfer process - before and after - A comparison between how domain transfers work today and how they work after GDPR.
• GDPR API changes

How OpenSRS processes data - general information

• Why are you applying GDPR-related changes platform-wide?
• Why does the Data use consent settings page mention Tucows?
• What is the difference between consent and contract, and why does it matter whether a data element is processed based on contract or consent? 
• How long do you keep personal data on file?
• Doesn’t ICANN policy require something different than your implementation?

Whois information

• Will resellers still be able to see all available Whois data or will they we be required to use the gated Whois?
• Why can’t I see real contact information in the public Whois anymore?
• Is it possible to opt-in to the display of real data in the public Whois?
• Will the public Whois output still display domain dates, status, nameservers, and sponsoring registrar?
• In the gated Whois, what data will be displayed?
• Will the changes to the Whois affect non-EU domain registrants?
• Law enforcement and privacy protected domains
• What is the difference between the gated Whois and the domain privacy Whois?
• Will the domain privacy number continue to be displayed?

Understanding the end-user consent management process

• What TLDs and products show up on the Data use consent settings page?
• Why are some TLDs asynchronous while others are synchronous? Why is consent sometimes required and sometimes optional?
• Why is my customer’s asynchronous domain pre-consented? They haven’t yet provided consent.
• What happens if the user does not provide, or revokes consent?
• My customer is canceling a service in order to have their data erased from the provider’s system. Will I and, by extension, my customer, be refunded?
• How are products grouped together on the Data use consent settings page?
• Why does the order in which services are listed on the Data use consent settings page change?
• Why is my customer receiving multiple consent request emails?
• Does the consent request timeout?
• What triggers the consent request to be sent?
• Who receives the consent request?
• Can the consent request be sent to the domain admin, billing, or tech contacts?
• Why did my customer get a consent request and then find a “nothing further is required” notice on the consent page?
• Is consent different depending on the domain owner type?
• Why will my customers receive consent request emails in addition to Whois Verification emails? Can’t these be combined?

Reseller controls and management

• Can I stop sending Tucows certain pieces of domain contact info, or stop sending domain contact details altogether?
• Can I turn off the Data use consent settings page and consent request process entirely?
• Can I edit the consent page?
• Can I edit the consent request email?
• My client lost the link to their consent page. How can I provide it to them?
• How can I determine whether a specific TLD is asynchronous?