This is our third in a series of blogs (read part one and part two) on the progress we have made related to data privacy and protection regulations, notably on the European Union's General Data Protection Regulation (GDPR), which will take full effect on 25 May 2018.
In our last update, we noted that an ad hoc volunteer group was formed to help us create and populate a matrix of user stories of the personal data the ICANN organization's contracted parties collect, transmit, or publish in relation to our contracts with registries and registrars. The purpose for collecting this data is to inform a legal analysis on the potential impact of the GDPR from a contractual perspective, which is an activity that we expect to begin in September.
Thanks to the hard work of this group, along with the many other community members who contributed to this effort, we now have most of this information and have published the first draft of the matrix of user stories.
We are posting the matrix for a 30-day public review period. Given the importance of ensuring the data is as complete as possible, we encourage you to review the matrix and let us know if you are aware of something that should be included. We will be updating the matrix during the review period as more data becomes available.
Gathering this information was an extensive undertaking, particularly given the aggressive schedule the group set to complete this activity. We sincerely thank everyone for their hard work and contributions to this important effort.
Following the 30-day review period, we will consolidate the data into a condensed and more easily readable format. We expect to complete this activity by early September. Once the analysis is complete, we will use this data, when appropriate, in our discussions with data protection agencies and other relevant parties. Concurrently, we will move forward with the legal analysis.
We are moving quickly through this process and we will provide you with regular updates. You can also visit the data privacy/protection page on icann.org for information that includes our blogs, details of the matrix, community initiatives, useful links and more. If you have specific questions or have content to contribute to the matrix, please reach out to us directly or email firstname.lastname@example.org with "GDPR Matrix" in the subject line.
In closing, we want to once again express our appreciation to all of you who contributed to this data-gathering effort.