Privacy and the security of personal data is a topic that has grown in importance in the digital age. The European Union (EU) addressed these concerns in 2016 by publishing guidelines regarding the treatment of personal data in the General Data Protection Regulation (GDPR). All companies located inside and outside of the EU that provide goods and services to EU citizens or monitor their behavior are subject to these regulations beginning in May of 2018.
Overview of the GDPR
The GDPR lists the legal justifications that must be met when collecting and processing personal data. They are:
- Consent – The individual must consent to the data being processed.
- Contractual obligations – Data can be collected regarding contracts made with the individual.
- Legal obligations – Data can be collected to fulfill legal obligations.
- Legitimate reasons – Processing of data can be done for marketing and communication purposes.
Failure to comply with the regulations put forth in the GDPR can lead to serious consequences for the offending company.
- Individuals can seek monetary damages in court.
- Companies can face substantial fines for non-compliance.
- Data protection enforcement will lead to decreased trust in the offending companies.
Individuals in the EU have rights pertaining to the personal data collected about them. These include:
- Consenting to the collection of the personal data.
- Right to rectification if the personal data is incorrect or changes.
- Right to data portability.
- Right to be forgotten (data erasure) when the data is no longer required.
Companies that are affected by the GDPR are challenged to meet all of the stringent requirements set forth in the legislation. Employing the proper software tools is critical in an institution’s ability to remain compliant with the GDPR.
How Sitecore 9 assists with GDPR compliance
Sitecore is a powerful content management system (CMS) that can play an instrumental role in maintaining your company’s compliance with the GDPR. Though compliance tasks can be accomplished using Sitecore 8, the recent release of Sitecore 9 has features that are specifically designed to address the compliance concerns introduced by the GDPR. Let’s take a look at some of the ways Sitecore 9 can help you avoid the pitfalls of non-compliance.
Sitecore can potentially store private (PII Sensitive) data in a number of places. The application allows you to mark data with a PIISensitive attribute so you can easily identify it when it is found in the xDB, core database, indexes, and reporting database.
Specific routines built into Sitecore that facilitate various compliance actions include:
- Data rectification – The xConnect facility allows you to easily set up your website with forms that can be used by individuals to rectify issues with their personal data.
- Consent collection – Policy dates and consent are stored together in Sitecore 9 allowing for multiple consents stored in an individual’s profile.
- Data portability – Another use of the xConnect facility is to enable you to easily extract a user’s sensitive data from your databases.
- Data erasure – This critical component of the GDPR can be implemented with the Execute Right To Be Forgotten method introduced in Sitecore 9.
If your company is challenged by maintaining compliance with the GDPR, Sitecore offers a CMS that can greatly reduce your potential exposure. Consider using this tool to design a customer experience that delights your clients while keeping their sensitive data safe and sound.