The European Union’s General Data Protection Regulation starts May 25, 2018. This is mostly an FYI as Tendenci “the Company” does not engage in cross site monitoring. It creeps us out a bit.
Yet while Tendenci does not do cross site tracking or individual tracking, it is possible that YOUR site does if you are using Google Analytics, DoubleClick or any number of third party add-ons and plugins.
It is up to YOU to reauthorize and comply with the data protection policies associated with third party add-ons on your site.
What DOES Tendenci do that might allow you to make a mistake in GDPR compliance?
If used as designed, it would be hard to become out of compliance as every site is in an isolated database and container. Yet there are security functions that log activity on your Tendenci site, that if you were to use it for tracking with AI or sell your data, it could potentially be against the GDPRs regulations. Talk to your attorney about this.
For example PCI best practices require dual logging and analysis of the logs for security reasons. There is no direct identifying data in web logs, but they would obviously include things like the IP address to block DDoS attacks.
These logs are never sold or accessed by anyone but our security team to trouble shoot the application and provide feedback to the administrators. Remember, you have the same user interface and front end functionality that our team does if you host with us. Zero difference. And the logs do not contain any identifying information such as an email or name.
We are NOT lawyers, Thus it is up to YOU to determine how you manage your data. We do not, nor have we ever, sold client data to third parties.