General Data Protection Regulation (GDPR) for Your Website
The “General Data Protection Regulation”, known as GDPR, is a European Union (EU) regulation on data protection and privacy for all individuals within the EU and its greater economic area. It’s an important piece of legislation that can impact U.S. companies doing work with European consumers, and that can levy penalties when companies are out of compliance.
My company is in the US, so why does it matter?
It matters if:
- you employ a European company that collects or processes data (called a data controller or data processor). Ex: merchant services, supplier, hosting company, cloud software, etc.
- you have any customer in Europe or plan to have customers in Europe – called data subjects.
What does it really address?
Broadly speaking, it addresses data breaches, storage of personally identifiable information (PII), and privacy.
What do I need to do to be compliant?
All you need to do is review your data protection storage, data privacy, and data collection practices, and make the appropriate disclosures to your consumers, along with offering them mechanisms to control their personal data.
The most common scenario involves telling users that you are collecting their information (e.g., email address) and intend to send them email communications (marketing) or sell their information to third parties (advertising).
We urge you to consult with GDPR experts to assess your exposure and draft the appropriate documents.
How can LVSYS help me?
We can help by adding forms and pages instructing users how they can modify their settings to opt out of your marketing campaigns or data sharing practices, so they have more control over their personal data.
Call 503-468-4880 or Email Here for a quick assessment regarding data protection.
What data does the LVSYS CMS collect?
The LVSYS CMS collects only data that is needed for the website to function properly. Specifically:
- Login and membership modules will store a cookie with the username on the computer, for faster login. No passwords are stored.
- eCommerce module will store billing and shipping information with each order.
- Credit card data is captured over SSL, sent directly to merchant processing over SSL and is not persisted in the system.
- Wine club and offline eCommerce processing: credit data is tokenized, anonymized and temporarily stored following PCI compliance regulations.
Does LVSYS Corp use data its systems are collecting?
No. LVSYS Corp does not use data collected by its systems, besides regular diagnostic and performance logs (which contain no PII) to ensure optimal system performance.
As your web partner, we want to keep you up to date on trending web topics and how they affect your business.