The General Data Protection Regulation (GDPR) will make it more difficult to catch hackers and online scammers. On May 25th, 2018, a regulation law was passed that was designed to protect the data and privacy of individuals in the European Union. While the intentions were certainly good, this meant that it would become more difficult to detect instances of hacking or potential phishing scams.
The GDPR requires companies to provide consent when dealing with online activities or filling out web forms. By granting consents, companies are releasing sensitive information that is later collected and stored. This introduces the possibility of an unknown third party posing under the guise of a legitimate contractor for collecting sensitive information.
Under this law, the WHOIS database privacy will further be restricted. WHOIS is one of the longest-running tools used for verifying IP addresses, domain name privacy, and other identity-related information. The restriction of such information would make it more difficult for companies to protect their intellectual property. This could potentially lead to a rise in cybercrime.
The main issue is that the GDPR does not efficiently maintain a balance between upholding public interest and keeping private information well secured. The goal to further restrict sensitive information makes it more difficult for companies to maintain the rights over that information.
The WHOIS protocol is a standardized toolkit for analyzing necessary information that can be used to trace illegal or malicious online activity. This is done by analyzing the registered domains and IP addresses that can be used to follow suspicious events. This was the original purpose of the WHOIS protocol.
The problem is that it does not necessarily comply with the GDPR, and violates the domain name privacy policies that the regulation law specifies. The GDPR does somewhat undermine the intention of the WHOIS protocol. With these newly imposed limitations on WHOIS, scammers and hackers will possibly have an easier time getting away with committing cyber crimes.
Companies are going to face new challenges complying to the regulatory policies. It’s going to be a tough decision maintaining the integrity of a company’s private data and meeting the standards of the GDPR. There are technologies and techniques available that simplify how companies deal with the GDPR. Some of these include processing limitations, consents management, compliance management, and data discovery and erasure techniques. Some companies are already changing how they train their employees.
There is some debate, however, that the consequences of the GDPR are not as severe as it seems. The GDPR is moving in the right direction but requires further revision to achieve its intended goal. With the GDP’s current terms, this opens rooms for hackers to gain access to a wealth of sensitive information that could be used for achieving their own motives. The WHOIS database privacy is important to the GDPR, but this information is necessary for tracing cybercrime. Companies are going to have to adapt to the changes set by the GDPR and update their protocols for protecting their records.