Right of access by the data subject

Abstract

How to realize Sitecore data subject's right of access to contact, user, customer and forms data.

Warning

This Privacy Guide provides technical guidance on how your developers can choose to configure your Sitecore product implementation to support you on your data privacy compliance journey. This guide does not provide exhaustive guidance, and should not be construed or used as legal advice about the content, interpretation, or application of any law or regulation. You, the customer, will always be in the best position to assess your own risks, and must seek your own legal counsel to understand the applicability of any law or regulation to your business, including how you process personal data. Your resulting implementation is based entirely on your own configuration choices.

The right of access concerns the data subject’s right to access their personal data and obtain information about how their data is being processed. This topic describes how the Sitecore product facilitates the ability to access and update the data subject’s personal data.

Within your Sitecore implementation, you can:

The organization is responsible for the following:

  • Implementing a process or an interface that allows data subjects to access their contact data.

Within your Sitecore implementation, you can:

The organization is responsible for the following:

  • Implementing a process or an interface that allows data subjects to access their user data.

Within your Sitecore implementation, you can:

The organization is responsible for the following:

  • Implementing a process or an interface that allows data subjects to access their customer data.

By default, form submission data is stored in the Forms database. If a form submission is linked to an identifier such as a contact identifier or an e-mail address, you can use SQL to access and update a specific data subject’s personal data.

The organization is responsible for:

  • If relevant, implementing a process or an interface that allows data subjects to access their form submission data. The following example assumes that you know which form field (represented by FieldItemID) contains sensitive data. Forms and form fields are created by business users. For more information, see Create a form.

    USE [sample_Sitecore.ExperienceForms]
    
    GO
    
    SELECT
        [ID],
        [FormEntryID],
        [FieldItemID],
        [FieldName],
        [Value],
        [ValueType]
    FROM
        [dbo].[FieldData]
    WHERE
        [FieldItemID] = '7d00533b-1cf2-4597-aaa0-01e09a01b7cc'
    AND [Value] = 'youremail'
    
    GO
    

Important

If you create a custom submit action that stores personal data in a third party system such as a CRM, you are responsible for ensuring that data subjects can access their data in that system.