General Data Protection Regulation (GDPR) does not apply to CivicPlus since we do not market to the European Union (EU).
The recent implementation of GDPR imposes new privacy controls on organizations targeting EU citizens. Targeting is the important piece here. Basically, if you are not directly targeting or marketing to EU citizens, you are out of the scope of this new regulation.
For example, if a U.S. city or county is interacting with a citizen that may be considering moving to that U.S. city or county, then they are out of scope. However, if that same government entity was advertising directly to EU citizens to get them to travel to their city or county, they would be in scope.