General Data Protection Regulation (GDPR) for Your Website

Please note: This article pertains to our LVSYS CMS websites. In order to provide the clearest communication for our customers, we have separated our company website into two parts. One is for software, the other is for web design. If you have any questions at all, please feel free to give us a call at (503) 408-4890 or send us a message to help@buildableworks.com.

The “General Data Protection Regulation” known as GDPR is a European Union (EU) regulation on data protection and privacy for all individuals within the EU and its greater economic area. It’s an important piece of legislation that can impact US companies doing work with European consumers, and that can levy penalties when companies are out of compliance.

My company is in the US, so why does it matter?

It matters if:

• You employ a European company that collects data or processes data. Ex: merchant services, supplier, hosting company, cloud software, etc. – called a data controller or data processor.
• You have any customer in Europe or plan to have customers in Europe – called data subjects.

What does it really address?

Broadly speaking, it addresses data breach, storage of personally identifiable information (PII) and privacy.

What do I need to do to be compliant?

All you need to do is review your data protection storage, data privacy, and data collection practices; and make the appropriate disclosures to your consumers along with offering them mechanisms to control their personal data.

The most common scenario involves telling users that you are collecting their information (ex: email address) and intend to send them email communications (marketing) or sell their information to third parties (advertising).

We urge you to consult with GDPR experts to assess your exposure and draft the appropriate documents.

How can LVSYS help me?

We can help by adding a warning on your website that will tell users how you are collecting data and prompt them to read your updated privacy policy.

We can help by adding forms and pages instructing users how they can modify their settings to opt-out of your marketing campaigns or data sharing practices so they have more control over their personal data.

Visit our Web Design page to learn more about Buildable websites.

Call 503-468-4890 or email for a quick assessment regarding data protection.

What data does the LVSYS CMS collect?

The LVSYS CMS collects only data that is needed for the website to function properly. Specifically:

• Login and membership modules will store a cookie with the username on the computer, for faster login. No passwords are stored.
• Ecommerce module will store billing and shipping information with each order.
• Credit card data is captured over SSL, sent directly to merchant processing over SSL and is not persisted in the system.
• Wine club and offline ecommerce processing: credit data is tokenized, anonymized and temporarily stored following PCI compliance regulations.

Does LVSYS Corp use data its systems are collecting?

No. LVSYS Corp does not use data collected by its systems, besides regular diagnostic and performance log (which contain no PII) to ensure optimal system performance.

For further reading, click here

As your web partner, we want to keep you up to date on trending web topics and how they affect your business.