"The GDPR does not apply to the processing of personal data which concerns legal persons and in particular undertakings established as legal persons, including the name and the form of the legal person and the contact details of the legal person.[FN: Recital 14, GDPR] While the contact details of a legal person are outside the scope of the GDPR, the contact details concerning natural persons are within the scope of the GDPR, as well as any other information relating to an identified or identifiable natural person [FN Art 4(1), GDPR] , The mere fact that a registrant is a legal person does not necessarily justify unlimited publication of personal data relating to natural persons who work for or represent that organization, such as natural persons who manage administrative or technical issues on behalf of the registrant.For example, the publication of the personal email address of a technical contact person consisting of firstname.lastname@company.com can reveal information regarding their current employer as well as their role within the organization. Together with the address of the registrant, it may also reveal information about his or her place of work. In light of these considerations, personal data capable of identifying individual employees (or third parties) acting on behalf of the registrant should not be made publicly available by default in the context of WHOIS/RDAP. Any publication by a contracted party must include sufficient safeguards to prevent the identification of any such natural person, directly or indirectly (e.g. use of clearly generic contact email information "admin@domain.com").
![]() |
Donuts Ground Floor Le Pole House Ship Street Great Dublin 8 |
_______________________________________________OFFICIAL
Suggested text for recommendation 4 as discussed on the last call, believe it should go between current 2 and 3.
Thanks
Chris
The GDPR protects natural persons in relation to the processing of their personal data. "It does not cover the processing of personal data which concerns legal persons and in particular undertakings established as legal persons, including the name and the form of the legal person and the contact details of the legal person." This allows for disclosure of legal persons’ data because it is outside the remit of GDPR. Nevertheless, when processing legal persons’ data, safeguards should be put in place to ensure that personally identifying data about a natural person is not disclosed within data marked as a legal person.
This information is supplied in confidence by the NCA. The NCA is not listed as a Public Authority under the Freedom of Information Act 2000. Any information supplied by, or relating to, the NCA is also subject to an absolute exemption.
It may also be subject to exemption under other UK legislation. Onward disclosure may be unlawful, for example, under data protection legislation. Requests for disclosure to the public must be referred to the NCA FOI single point of contact, by email on StatutoryDisclosureTeam@nca.gov.uk. All email sent and received by the NCA is scanned and subject to assessment. Messages sent or received by NCA staff are not private and may be the subject of lawful business monitoring. Email may be passed at any time and without notice to an appropriate branch within the NCA, on authority from the Director General or their Deputy for analysis. This email and any files transmitted with it are intended solely for the individual or entity to whom they are addressed. If you have received this message in error, please contact the sender as soon as possible.
Gnso-epdp-team mailing list
Gnso-epdp-team@icann.org
https://mm.icann.org/mailman/listinfo/gnso-epdp-team
_______________________________________________
By submitting your personal data, you consent to the processing of your personal data for purposes of subscribing to this mailing list accordance with the ICANN Privacy Policy (https://www.icann.org/privacy/policy) and the website Terms of Service (https://www.icann.org/privacy/tos). You can visit the Mailman link above to change your membership status or configuration, including unsubscribing, setting digest-style delivery or disabling delivery altogether (e.g., for a vacation), and so on.