Privacy checklist

Abstract

Guide to determining whether your Sitecore implementation complies with the GDPR and other privacy regulations.

Warning

This Privacy Guide provides technical guidance on how your developers can choose to configure your Sitecore product implementation to support you on your data privacy compliance journey. This guide does not provide exhaustive guidance, and should not be construed or used as legal advice about the content, interpretation, or application of any law or regulation. You, the customer, will always be in the best position to assess your own risks, and must seek your own legal counsel to understand the applicability of any law or regulation to your business, including how you process personal data. Your resulting implementation is based entirely on your own configuration choices.

Use this privacy checklist as a starting point to assist you when assessing your Sitecore implementation’s compliance with international privacy regulations, with particular emphasis on the EU General Data Protection Regulation (GDPR).

Initial Review

Consider where and how you are storing data in the platform:

☐ Familiarize yourself with the flow of personal data throughout the platform, and with how each role handles personal data.

☐ Perform an audit of all customizations that augment the contact, user, or customer entity. For example:

☐ Custom contact facets.

☐ Custom membership profile properties.

☐ Data captured by Forms.

☐ Consider whether you need to request consent to store and process personal data, and plan how to persist consent choices - for example, as a contact facet.

☐ Limit the exposure of personal data throughout the platform - for example, you can choose not to write personal data to logs.

☐ Review synchronization of data between your Sitecore implementation and third-party applications, and ensure that this is covered in the privacy policy.

Individual data rights

Consider whether your implementation upholds the data rights afforded to individuals by the EU GDPR. For example:

☐ Data subjects can request that their personal data be deleted (the right to be forgotten), either by contacting the organization or via a self-service portal. This includes user, contact, and customer data, as well as any form submissions that may include personal data.

☐ Data subjects can request a copy of their data, either by contacting the organization or via a self-service portal. This includes user, contact, and customer data, as well as any form submissions that may include personal data.

☐ Data subjects can update their personal information, either by contacting the organization or via a self-service portal. Make sure that the user, contact, and customer records are synchronized or that the data subject is able to view and update each record individually.

☐ Data subjects can actively opt in on all Sitecore websites or websites that use the Federated Experience Manager. Avoid pre-ticked checkboxes or passive notices that do not require an active choice.

☐ Make sure that consent has been given for any synchronization to or from third-party applications - for example, via the Data Exchange Framework.

☐ Data subjects are given clear information about how the organization processes and stores personal data. From a development point of view, ensure that it is easy for business users to update privacy policies and privacy warnings.

☐ Privacy policies describe the ways in which data is stored and processed across the entire platform, not just the xDB. Consider the contact, user, and customer entities, as well as form submissions.

☐ Data subjects are informed of any new forms of processing as they are enabled or added to the platform.

☐ Consent choices are persisted - for example, as a contact facet.

☐ Data subjects can revoke consent at any time - for example, by contacting the organization or using an online form.

☐ Processing can be disabled for data subjects who have not given consent, have revoked consent, or have objected to processing. Alternatively, if you are unable to disable processing, data subjects are given the option to be forgotten.

Security and access

☐ You have secured all application roles, storage roles, and indexes. Refer to the Security Guide for a list of security procedures.

☐ Access to user interfaces has been limited to users who require it.