May 2018 marked a new dawn for the General Data Protection Regulation (GDPR), passed in the European Union, widely causing concerns among digital marketers. If you are an enterprise that deals with Personally Identifiable Information (PII) for citizens of the European Union (EU) or European Economic Area (EEA), you are likely to be directly affected by these rights, thus, requiring wide changes with the effects of GDPR on your business.
This blog post is aimed at understanding what GDPR is all about and how an upgrade to Sitecore 9 can help you meet the compliance with automated features.
Understanding GDPR compliance in Sitecore
Let’s get you started on understanding how Sitecore and GDPR in practice work together. Firstly, you will need to understand the impact of GDPR compliance within your Sitecore Experience Platform. Think about the various data entry points that collect customer interactions every day, and you will realize that you are likely to have a huge database of customer data gathered over the years. The thought of how to comply all that with the new GDPR law itself can be daunting.
Here’s the good news – you can opt for Sitecore migration service and move to Sitecore 9 that offers a number of privacy features that can assist you in managing data that automatically meet in line with the GDPR regulations.
Sitecore 9 is inbuilt with features that will allow your organization to recognize and respect each of your end customer’s data contribution to your business. It evolves around the global data privacy regulations, including the GDPR in transparency and accessibility.
Sitecore’s compliance with GDPR law
Sitecore 9 follows a privacy-by-design approach that incorporates some of the foundational principles that ended the data protection controls. Here are a few listed benefits of Sitecore 9 that best supports your GDPR compliance efforts.
- Proactive and preventative: Sitecore 9 is featured to help you decide on how to identify PII, configure your collection and processing choices, and as well protect your end customer’s PII.
- Privacy by default: Sitecore 9 is built on privacy foundation that aims to protect PII out-of-the-box, allowing you to identify and secure PII that may be introduced using Extensions.
- Embedded privacy: Sitecore’s development process includes an exercise of identifying the potential PII data.
- Positive sum: You will be able to achieve the right balance between privacy, security controls, and usability of data.
- Ensure end-to-end security: Sitecore 9 is proven to use strong security measures that protect personal data throughout the customer’s journey with your brand, including the encryption of data storage and data transport.
- Visibility, transparency, and respect for end-customer privacy: Sitecore practices a clear privacy policy, and visibility of data from data gathering to processing, to justify the best practices.
GDPR data privacy rights and Sitecore 9
The General Data Protection Regulation (GDPR) Act is aimed at giving individuals more control over their personal data. The increased control comes in the form of more lawful rights as below:
- The right to be informed – With the help of Sitecore Content Editor, you can define and manage your privacy policies and present these to your end customers as part of a solution.
- The right of access – Sitecore xConnect provides an API ‘GetContactAsync’ that allows you to retrieve a full contact profile for your end customer.
- The right to rectification – You can build preference forms to display and allow end customers to edit their PII profile data, so you can maintain and manage your accurate data stored in the database.
- The right to erasure – The Sitecore xConnect feature ‘ExecuteRightToBeForgotten’ supports erasure requests of your end customers and irreversibly anonymizes the individual’s data so that the data is no longer identifiable.
- The right to object and restrict processing – You can define the appropriate level of opt in/out required, based on the type of data collected and ensure your end customers have control over these settings. Further, Sitecore’s Email Experience Manager (EXM) offers a global opt-out list setting which can help to disable all direct marketing activities to your end customer.
- The right to data portability – Sitecore’s xConnect allows you to retrieve a full contact profile for your end customer. With this API, you can choose to specify whether you wish to retrieve all known data for the contact.
- Rights in relation to automated decision making and profiling – As an extensible platform, Sitecore 9 allow you to personalize experiences for your end customers, based on the information you choose to collect. It recommends steps for being transparent in your privacy statements and consent language, and Sitecore products can help you track and store information, but data processing decisions will always be yours to make.
Insights
Sitecore 9 is a total solution that provides a complete picture of every customer’s data, every interaction with your brand, and full information collected and stored at an individual level. Implementing Sitecore 9 as an extensible framework, you can determine your own assessment of any PII you will collect and process.
If you are preparing for your GDPR compliance, we would like to welcome you to the opportunity of experiencing Sitecore 9. Get in touch with our Sitecore consultants, if you wish to get set with Sitecore and GDPR.
