GDPR compliance



Ambassador
25 posts

The General Data Protection Regulation (GDPR) applies from 25 May 2018 within the EU, so I wanted to know what the implications are for the software I use from CoffeeCup, such as the shopping cart and form builder. My take on the areas that will hit webmasters within the EU is as follows:

Contact form design
Marketing 'opt-in' forms design
Privacy notices (often referred to as Privacy policies)
Website security - encryption (SSL)
Cookie consent
Data breaches and your obligations
Processing data of under-18s

Are there any plans to incorporate GDPR compliance into software (yes I am a lazy designer)?
John Harvey



Senior Advisor
14,565 posts

I think it would be better if you open a support ticket for your question. The CC staffers don't always read the forum posts.

But I would think that it would be the responsibility of every individual/company that keeps customer/client details to make sure they follow the new regulations.

Maybe CC could put together a support article that gives advice about the GDPR, as it doesn't just concern people/companies within the EU, but also those from other countries that have EU residents as customers/clients. CC themselves, e.g.
Have a really good day!
Inger, Norway

My work in progress:
Components for Site Designer and the HTML Editor: https://mock-up.coffeecup.com




Registered User
47 posts

"But I would think that it would be the responsibility of every individual/company that keeps customer/client details to make sure they follow the new regulations."

I guess you are right, Inger, but what about form output that is stored on the S-drive? Contact forms contain client data, which raises the question of SSL encryption and data storage. In the end this is still the responsibility of the individual company, but I wonder if CoffeeCup should be considered a Data Processor? In that case we would need a Terms of Service document describing these details. We could then refer our clients to this document.

Following your advice I will submit a separate support ticket.


Senior Advisor
20,245 posts

If you have EU customers you need to comply.
I can't hear what I'm looking at.
It's easy to overlook something you're not looking for.

This is a site I built for my work. (RSD)
http://esmansgreenhouse.com
This is a site I built for use in my job. (HTML Editor)
https://pestlogbook.com
This is my personal site used for testing and as an easy way to share photos. (RLM imported to RSD)
https://ericrohloff.com


Registered User
110 posts

Johan wrote:
"But I would think that it would be the responsibility of every individual/company that keeps customer/client details to make sure they follow the new regulations."

I guess you are right, Inger, but what about form output that is stored on the S-drive? Contact forms contain client data, which raises the question of SSL encryption and data storage. In the end this is still the responsibility of the individual company, but I wonder if CoffeeCup should be considered a Data Processor? In that case we would need a Terms of Service document describing these details. We could then refer our clients to this document.

Following your advice I will submit a separate support ticket.


Doesn't CoffeeCup have a Terms of Service document?

And even if it does, I'd imagine this wouldn't mean you, the site owner, would not also need a Terms of Service document, as well as a Cookies Policy, and a Privacy Policy -- and this would also, I'd imagine, need to include statements in that / those policies covering third-party collection of "data" -- this would include even basic data collection such as Google Analytics. That is, even for a non-commercial site you'd need these things -- read for all site visitors, not just "customers" in the country where you are.
Fortunately, if you look around, there are a number of places where you can get templates covering these things that are available cheaply, some even free -- but they always advise you to carefully check them to make sure they cover your specifics.
All of which, as you suggest, means SSLs etc. etc. should at least be considered by us all -- and again, there are a variety of these at a variety of prices, with different levels of security, and price not always being a good indicator of actual level of security. But, again, if you look around most hosting providers provide some degree of support in this area -- some even have the cost included as part of your hosting fees.


Registered User
47 posts

Hi Russell, I absolutely agree with you on the fact that it is the responsibility of the site owner to make sure his website and data collection are GDPR compliant. This involves putting your own cookie and privacy policy in place. However, many of us use third parties such as Google Analytics or CoffeeCup to analyse, process or store customer data. As part of your own policies you would have to disclose these parties to the clients and describe their ToS to the clients. In most cases a simple link to the ToS document would be sufficient.
I assume CoffeeCup will have a ToS document; I have just submitted a ticket to ask them.


Registered User
226 posts

This thread still has valid concerns. A new article by CC would help, but implementing GDPR would be better.
Learn something, Share something.
