GDPR and DCV Email Challenge Response (WhoIs)

As the Internet continues to evolve and our use of it continues to change and grow, the laws enacted to protect us also change and grow, giving us some peace-of-mind as we increase and expand our interactions on the web. The biggest change to come is the General Data Protection Regulation (GDPR), which will become effective on May 25, 2018. Although its scope applies to the EU, most individuals, companies and organizations worldwide will be impacted.
Please see Sectigo's privacy policy for additional information at https://sectigo.com/privacy-policy

So what does this mean to you? This means that most organizations will now have to put in place a privacy regime that will be transparent, providing you with sufficient information on your rights and how your data is collected and used. This impact is directly felt when attempting to utilize the DCV email challenge response method from the list of Alternative Methods of Domain Control Validation Detailed Overview (DCV).

As a Certificate Authority, we are only allowed to use the email information on the WhoIs registration information to send the email challenge response DCV request. If the listing is private, then we can only send to the 5 default addresses as approved by the CAB forum. Owners can also request to remove the from the registrar, but this may take some time for the request to be full-filled.
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]

If the listing is now masked because of the effect of the new GDPR regulations, then we can send the information to the masked email but cannot tell which actual email it is being sent to.