For an overview of GDPR and the regulations visit their site at https://gdpr.eu/tag/gdpr/
If you are running your AMS with Tendenci in our AWS Cloud, there is a brief overview of GDPR with links here.
The European Union's General Data Protection Regulation starts May 25, 2018. This is mostly an FYI as Tendenci "the Company" does not engage in cross site monitoring. It creeps us out a bit.
Yet while Tendenci does not do cross site tracking or individual tracking, it is possible that YOUR site does if you are using Google Analytics, DoubleClick or any number of third party add-ons and plugins.
It is up to YOU to reauthorize and comply with the data protection policies associated with third party add-ons on your site.
How might you be out of GDPR compliance?
If Tendenci is used as designed, it would be hard to fall out of compliance. Every site is in an isolated database and container. There are security requirements that log activity on your Tendenci site. If you were to use your data for tracking with AI, or sell your data, it could potentially be against the GDPR's regulations. Talk to your attorney about this.
For example: PCI best practices require logging and analysis of the logs for security reasons. There is no direct identifying data in web logs, but they would obviously include things like the IP address to block DDoS attacks with active response.
These logs are never sold. Nor are they accessed by anyone but our security team to troubleshoot the application and provide feedback to the client.
And please remember, you have the same user interface and front end functionality that our team does if you host with us. Zero difference. And the security logs do not contain any identifying information such as an email or name.
We are NOT lawyers. Thus it is up to YOU to determine how you plan to handle your site and the GDPR. (See links above.)
Know that because Tendenci is open source, and you can export your data any time you wish, you can and should remain compliant with the laws of your country and the EU if you conduct business there. If that means you aren't allowed to host with AWS (the Tendenci AMS SaaS Cloud lives on AWS data centers), then you can host WHEREVER YOU WISH.
Edit: If you are using social media icons such as a "like" button - you are in unknown territory. The reason is they are typically pulled in via an iframe and we are not in control, nor can we see, what that third party can track with that data. We recommend removing the "like" button and just using an image that you upload to YOUR site. Then link the image to your social media sites. By serving the image from your site you avoid the possibility of a third party using it for tracking purposes. Even if it is stated that this is against their policy now, you don't know what will happen if they get sold years from now and change their policy.
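One way to check a page for the embeds described above, as an added example that is not part of the original page or Tendenci's own code: a small Python audit that lists the elements in a page's HTML that make a visitor's browser contact another host on load. The host names and sample HTML are constructed, and treating only the site host and its subdomains as first party is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Tags that make the browser fetch a URL as soon as the page loads, mapped to
# the attribute holding that URL. A plain <a href> is deliberately absent:
# nothing is requested from the linked site until the visitor clicks.
LOADING_TAGS = {"iframe": "src", "script": "src", "img": "src",
                "embed": "src", "object": "data"}


class ThirdPartyAudit(HTMLParser):
    def __init__(self, site_host):
        super().__init__()
        self.site_host = site_host.lower()
        self.findings = []  # (tag, host, url) for every off-site load

    def handle_starttag(self, tag, attrs):
        attr = LOADING_TAGS.get(tag)
        url = dict(attrs).get(attr) if attr else None
        if not url:
            return
        # Relative URLs have no hostname and are served by the site itself.
        host = (urlparse(url).hostname or "").lower()
        first_party = host == self.site_host or host.endswith("." + self.site_host)
        if host and not first_party:
            self.findings.append((tag, host, url))


def audit(html, site_host):
    """Return the off-site resources a browser would load for this HTML."""
    parser = ThirdPartyAudit(site_host)
    parser.feed(html)
    return parser.findings


# Constructed sample: a "like" button pulled in via an iframe plus a tracker script.
BEFORE = """
<iframe src="https://social.example/plugins/like?href=https://www.example.org/"></iframe>
<script src="//analytics.example/t.js"></script>
"""
# Constructed sample: the same button as a self-hosted image linking out.
AFTER = '<a href="https://social.example/yourorg"><img src="/media/like.png" alt="Like us"></a>'

if __name__ == "__main__":
    for label, page in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(page, "www.example.org"))
```
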
Stay Safe. Stay Secure. Stay Compliant.
Remember - we are NOT lawyers. What constitutes a need for "Active Consent", and even what IS "Active Consent", is a legal question. That is up to you to determine.