GDPR for Percussion Customers

Thu May 24, 2018

Image depicting The General Data Protection Regulation

The General Data Protection Regulation that goes into effect on May 25th, 2018 impacts anyone with a Website that caters to visitors that reside in EU countries.  

The regulations go a long way toward helping to limit the amount of Personal Information that organizations can collect from individuals.  Percussion supports this initiative and encourages customers to comply with the GDPR.

This Blog Post is no substitute for legal advice and is not intended as a turnkey guide for GDPR compliance.  It is our intent to assist customers that are in the process of GDPR adoption with Percussion WCM specific information to assist with the process.

What is Percussion doing about GDPR?

  • We've updated our Privacy Policy with clearer language including language for GDPR compliance and 3rd party data providers.
  • We have sent opt-in reminders for our Marketing email lists so that subscribers that do not re opt-in will be removed from the list on May 25th, 2018.
  • We've reviewed our products for GDPR compliance and identified areas where we could better support the GDPR.
  • We are publishing this Blog post.

Product Guidance - Percussion CM1

Our Percussion CM1 content management product provides several widgets that may affect Customer Privacy Policies when updating their privacy policy for GDPR.   

Cookies

Website's generated by Percussion CM1 generally do not require cookies by default.  There are a few Widgets that, if they are used on your website, may require mention.

  • Membership & Secure Membership  - The Percussion Membership widgets use cookies to for Security purposes.   Customer's utilizing the Membership widget's may need to update their privacy policies to include  mention that the web site uses Session Cookies and Security Cookies for operating the website.
  • Share this Widget - The Share this Widget uses cookie for tracking and advertising purposes.  Customer's utilizing the Share This Widget may need to update their privacy policies to mention that the web site uses cookies for tracking and advertising purposes.  A section in the privacy policy should also cover links to third party services (such as Facebook) are covered by the privacy policy of the third party website operator.
  • Polls Widget - The Polls Widget has an option to use a Session Cookie to restrict Poll responses to one response per session.  Customers that are using the Polls widget on their site and have selected the Session option, should update their privacy policy to make mention that the site uses Session Cookies for operating the website.

Personal Information

Percussion websites do not generally contain Personally Identifiable Information (PII) as they are static HTML websites.  It is, however, still possible to capture some P.I.I. information from your website visitors using certain widgets on your website.

  • Forms Widget - The Forms widget can be used to capture personally identifiable information from your web site visitors, depending on what information is requested in the form fields.  Customer's should review their usage of the forms widget and update the Privacy Policy according to what information is captured by forms on the Published website. SaaS customers using the Forms widget to capture P.I.I. should reference Percussion Software as a Sub Processor or Third Party service provider and link to our Privacy Policy.
  • Comments -  The Comments widget can be used to capture Email Address information from your website visitors if you include the email field on the Comments form. Customer's should review their usage of the Comments widget and determine if Personally Identifiable information is being captured and update their Privacy Policy accordingly.  SaaS customers the Comments widget should reference Percussion Software as a Sub Processor or Third Party service provider and link to our Privacy Policy.
  • Image Widget - The Image widget is used to post Images to the website.  Images that include photographs of team members or staff that work in areas where the GDPR applies may require Consent of the the individual in the photograph.  Customers should review their site imagery to check for this type of compliance issue.
  • Blog Post Widget - The Blog Post widget is used to post blog posts to the website.  Customer's that are using the Byline field to publish the Author's name in an area covered by the GDPR may require a Consent Form be captured for the Author's name to be published in order to be compliant.  Customers should review their website to check compliance issue.

Third Party Widgets / Scripts / Services

Customers should review their websites and templates that reference third party scripts and services and document them in their privacy policy.  Services like Evergage, Google Analytics, Marketo, Salesforce, Wufoo Forms, etc will all have Cookie and Privacy policies that you will want to disclose. Non-compliant services may need to be removed or replaced.

Additional Information for Percussion CM1 SaaS Customers

Percussion Software is providing the infrastructure for your website and retains information such as web site and server access logs, traffic logs, and processes any P.I.I. data captured by the Percussion Widgets mentioned above.  You should reference Percussion as a Third Party / Sub Processor in your Privacy policy and link to Percussion's Privacy Policy to provide transparency of data processing.

GDPR Related Product Updates

Percussion has several feature updates in various stages of development to help to simplify GDPR compliance.

Cookie Consent

A cookie consent widget and dashboard gadget is under development that will provide for a Cookie Consent option that includes third party scripts as well as the published website.  The widget will log consents and the new Dashboard gadget will allow them to be reported on.

Comments Gadget

We are reviewing the Comments gadget for enhancements related to filtering, exporting, and deleting comments by email address.

Product Guidance - Percussion Rhythmyx

Our Percussion Rhythmyx content management product includes several solutions that may affect Customer Privacy Policies when updating their privacy policy for GDPR.   

Cookies

Rhythmyx published websites do not include cookies by default.

  • Personalization Solution - The Personalization solution makes use of cookies for Tracking & Personalization, as well as for Session management.  Customers using the Personalization solution should update their Privacy policy to reflect this.
  • Community Marketing Solution - The Community marketing solution components use cookies for Session management and Security.  Customers using the Community Marketing Components should update their privacy policy to reflect this.

Personally Identifiable Information (PII)

Rhythmyx itself does not capture any personally identifiable information from Web Site visitors in the out-of-the box configuration.

  • Personalization Solution - The Personalization solution can be configured to build a user profile for anonymous for website visitors as well as identified users via a named profile id.  Customer's should review their implementation of Personalization and update their privacy policy to indicate if any PII information is stored in the solution.

Third Party Widgets / Scripts / Services

Customers should review their websites and templates that reference third party scripts and services and document them in their privacy policy.  Services like Evergage, Eloqua, Google Analytics, Marketo, Salesforce, Wufoo Forms, etc will all have Cookie and Privacy policies that you will want to disclose. Non compliant services may need to be removed or replaced.

Partner GDPR Offerings

  • Siteimprove offers a GDPR Compliance option as part of their subscription service.  

In Closing

The new Data Privacy rules imposed by the GDPR require that online marketers and services take a fresh look at their data collection and privacy practices.  Ideally the new rules help Marketers to responsibly manage customer and prospect data in a way that creates a safer and better experience. Percussion is committed to assisting our customers in their compliance efforts and will continue to support GDPR adoption in future product updates and features.



Nate Chadwick
Nate Chadwick
Vice President of Products & Services | Percussion Software

N/A