[Community-Discuss] AFRINIC and the GDPR

S Moonesamy sm+afrinic at elandsys.com
Sat Apr 14 12:16:40 UTC 2018

Hi Arsene,
At 03:12 AM 14-04-2018, Arsene Tungali wrote:
>To be honest, i have never requested any IP resources so i am 
>limited in my knowledge of what type of personal information is 
>requested when someone is requesting resources from Afrinic. I would 
>therefore appreciate to be directed to the RIPE NCC report 
>mentionned in that communication.

There is a document about the RIPE NCC implementation at 

>Just a general question as i am following discussions on the GDPR 
>but mostly from the naming community perspectives (being a domain 
>name registrant): what impact does the Interim Models (with regards 
>to the whois system and personal data and icann's compliance with 
>GDPR) suggested by ICANN has on the numbering community? I haven't 
>see any discussion on those models here since, from my 
>understanding, Afrinic is just another data controller?

To keep our email exchange easy, I'll keep the Interim Models 
proposed by ICANN separate from the what the RIR in Africa has to do 
to comply with the data protection law.  Afrinic Ltd was registered 
as a controller under the Data Protection Act 2004 (Mauritius) [1] 
since several years.  The data protection framework to which it is 
subject has been aligned with the data protection framework for 
countries in the European Union since 2016.  There are some 
advantages to that, e.g. the company can "borrow" some ideas from 
RIPE NCC instead of starting from scratch.

The difference between domain names and number resources is that 
number resources are usually registered to legal entities.  Here is an example:

   netnum: -
   netname:        AFRINIC
   descr:          AfriNIC - Internal Use
   country:        ZA
   org:            ORG-AFNC1-AFRINIC

S. Moonesamy

1. The current data protection framework is the Data Protection Act 2017.

More information about the Community-Discuss mailing list