GDPR

EU regulation that treats personal data like a protected resource—and makes registrars liable for how they handle it. Enacted 2018, it applies to anyone processing data of EU residents, regardless of where you operate. For domain registration, GDPR means: registrars must get explicit consent before storing WHOIS data, can't sell it, must honor deletion requests, and face massive fines (up to 4% of global revenue) for breaches. This is why European registrars strip WHOIS public records and offer privacy-by-default. Non-EU registrars often ignore GDPR entirely; some explicitly avoid EU residents to sidestep compliance. The regulation created a jurisdictional split: EU-friendly registrars implemented privacy; offshore registrars doubled down on anonymity. Bunkerdomains treats GDPR as a fact, not a virtue—we don't process unnecessary data, so we have little to comply with or leak. Related: CCPA (US equivalent, weaker), KYC (the opposite regulatory impulse), WHOIS privacy.