For an overview of GDPR and the regulations visit their site at https://www.eugdpr.org/
If you running your AMS with Tendenci in our AWS Cloud, there is a brief overview of GDPR with links here.
The European Union's General Data Protection Regulation starts May 25, 2018. This is mostly an FYI as Tendenci "the Company" does not engage in cross site monitoring. It creeps us out a bit.
Yet while Tendenci does not do cross site tracking or individual tracking, it is possible that YOUR site does if you are using Google Analytics, DoubleClick or any number of third party add-ons and plugins.
It is up to YOU to reauthorize and comply with the data protection policies associated with third party add-ons on your site.
What DOES Tendenci do that might allow you to make a mistake in GDPR compliance?
If used as designed, it would be hard to become out of compliance as every site is in an isolated database and container. Yet there are security functions that log activity on your Tendenci site, that if you were to use it for tracking with AI or sell your data, it could potentially be against the GDPRs regulations. Talk to your attorney about this.
For example PCI best practices require dual logging and analysis of the logs for security reasons. There is no direct identifying data in web logs, but they would obviously include things like the IP address to block DDoS attacks.
These logs are never sold. Nor are they accessed by anyone but our security team to trouble shoot the application and provide feedback to the client.
And please remember, you have the same user interface and front end functionality that our team does if you host with us. Zero difference. And the security logs do not contain any identifying information such as an email or name.
We are NOT lawyers. Thus it is up to YOU to determine how you plan to handle your site and the GDPR.
Know that because Tendenci is open source, and you can export your data any time you wish, you can and should remain compliant with the laws of your country and the EU if you conduct business there. If that means you aren't allowed to host with AWS (the Tendenci AMS SaaS Cloud lives on AWS data centers), then you can host WHEREVER YOU WISH.
Stay Safe. Stay Secure. Stay Compliant.