Jump to content

GDPR and domain contact data?

Chris74

By Chris74
in Using WHMCS

 Share

Recommended Posts

Chris74 Senior Member

Chris74

Posted
Posted (edited)

I'm just wondering what the implications are of keeping expired domains, which have associated contact data, after they have expired.

We have a customer who demands that we delete his old domains because they contain registrant data that he doesn't want stored in our system.

I wonder if someone could clarify exactly what is stored in the domain's database entry - does it include contact info - or is that simply associated with the contacts they have added in their account?

I guess what I'm trying to establish is whether or not we have an obligation now under GDPR to delete the contact data held for a particular domain, once that domain has expired. I would suggest if that contact data is held within the same database record as the domain itself, the domain should be deleted once it has been expired for a certain period. If the personal data is not held along with the database, surely then it is simply up to the customer to delete the "contact" or sub account they added for use with the domain.

I'd like to clarify this. I think it is quite important to make a distinction, because there is no way in WHMCS to delete domains once they have been expired for a certain period of time, which means it is holding on to data longer than is necessary and thus, possibly not GDPR compliant.

Edited by Chris74
0
Link to comment
Share on other sites
brian! Senior Member

brian!

Posted
Posted

Hi Chris,

4 hours ago, Chris74 said:

I wonder if someone could clarify exactly what is stored in the domain's database entry - does it include contact info - or is that simply associated with the contacts they have added in their account?

generally speaking, WHMCS doesn't store registrant contact info of a domain - if it ever needs it, WHMCS pulls the contact info from the registrar and returns it to the registrar after updating... it's never stored in the database (if i'm wrong on that, someone from WHMCS can correct me).

obviously the client's details are stored in the database - but they may or may not be different from the actual registrant info used with the domain registration.

all the tbldomains table will store is that 'chris74.com' is registered to userid #34 or whatever... if you delete his account in WHMCS, they'd be no way to link the domain to the client because the client's details will have been removed from the database.

4 hours ago, Chris74 said:

I guess what I'm trying to establish is whether or not we have an obligation now under GDPR to delete the contact data held for a particular domain, once that domain has expired. I would suggest if that contact data is held within the same database record as the domain itself, the domain should be deleted once it has been expired for a certain period. If the personal data is not held along with the database, surely then it is simply up to the customer to delete the "contact" or sub account they added for use with the domain.

if a domain has expired, then at some point, the current contact info will be removed from its record by the registrar/registry and made available for registration again... plus after a domain has expired, I can't see how you could modify/remove the registrants details anyway - it's not theirs at that point.

4 hours ago, Chris74 said:

I'd like to clarify this. I think it is quite important to make a distinction, because there is no way in WHMCS to delete domains once they have been expired for a certain period of time, which means it is holding on to data longer than is necessary and thus, possibly not GDPR compliant.

with the usual caveat that i'm not a lawyer(!), you can delete the domain in WHMCS, but it's not going to make a blind bit of difference to what the registry stores... at that point, I think the GDPR responsibility falls on them, but the registrant info is going to get removed at some point anyway if the registrant doesn't renew the domain... i'm not even sure if the registry could remove the info on demand because they may need to store it internally for legal/police reasons.

0
Link to comment
Share on other sites
Chris74 Senior Member

Chris74

Posted
  • Author
Posted

That's good to know. Thanks Brian. I was concerned that registrant data was held within the WHMCS database and could remain there until removed. I'll probably just find an addon to hide expired domains from the end user anyway  - just to stop them nagging.

0
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use & Guidelines and understand your posts will initially be pre-moderated

  I accept