The protection of personal information has become increasingly important in recent years. Concepts such as big data, data mining and profiling have taken a prominent place in today’s digital environment. The internet’s naming system forms an important part of this environment and personal data in relation to domain names is collected, disclosed, retrieved and transferred on a daily basis. The main share of the processing activity revolves around the WHOIS directories, a series of databases managed by registrars and registry operators containing information related to registered domain names. This information includes personal identification and contact information of domain name holders (registrants), such as names, email addresses, phone numbers, physical addresses, and administrative and technical contacts. The WHOIS directories serve as a primary resource for a number of entities, such as law enforcement authorities, consumer protection organisations and intellectual property rights holders, to investigate and tackle crime and infringements online. However, the protection of personal information contained in WHOIS has been a major point of interest since the announcement of the European Union’s (EU) General Data Protection Regulation 2016/679 (GDPR).