Privacy checklist

Abstract

Guide to determining whether your Sitecore implementation complies with the GDPR and other privacy regulations.

Warning

This Privacy Guide provides technical guidance on how your developers can choose to configure your Sitecore product implementation to support you with data privacy compliance. This guide does not provide exhaustive guidance, and should not be construed or used as legal advice about the content, interpretation, or application of any law or regulation. You, the customer, will always be in the best position to assess your own risks, and must seek your own legal counsel to understand the applicability of any law or regulation to your business, including how you process personal information. Your resulting implementation is based entirely on your own configuration choices.

Use this privacy checklist as a starting point to assist you when assessing your Sitecore implementation’s compliance with global privacy regulations including the EU's GDPR and California's CCPA.

Consider where and how you are storing data in the platform:

  • Familiarize yourself with the flow of personal information throughout the platform, and how each role handles personal information.

  • Perform an audit of all customizations that augment the contact, user, or customer entity. For example:

    • Custom contact facets.

    • Custom membership profile properties.

    • Data captured by Forms.

  • Consider whether you need to request consent to store and process personal information, and plan how to persist consent choices or other permissions (for example, as a contact facet).

  • Limit the exposure of personal information throughout the platform. You can, for example, choose not to write personal information to logs.

  • Review synchronization of data between your Sitecore implementation and third-party applications, and ensure that this is included in the privacy policy.

Consider whether your implementation upholds the data rights afforded to individuals under applicable laws. For example:

  • Individuals can request that their personal information is deleted (right to erasure), either by contacting the organization or using a self-service portal. This includes user, contact, and customer data, as well as any form submissions that might include personal information.

  • Individuals can request a copy of their data, either by contacting the organization or using a self-service portal. This includes user, contact, and customer data, as well as any form submissions that might include personal information.

  • Individuals can update their personal information, either by contacting the organization or using a self-service portal. Make sure that the user, contact, and customer records are synchronized or that the individual is able to view and update each record individually.

  • Individuals can actively opt in on all Sitecore websites, including websites that use the Federated Experience Manager. Avoid preselected check boxes or passive notices that do not require an active choice.

  • Individuals are given clear information about how the organization processes and stores personal information. From a development point of view, ensure that it is easy for business users to update privacy policies and privacy warnings.

  • You might want to review the consents or permissions in place prior to any synchronization to or from third-party applications, for example, via the Data Exchange Framework.

  • Privacy policies describe the ways in which data is stored and processed across the entire platform, not just the Sitecore Experience Database (xDB). Consider the contact, user, and customer entities, as well as form submissions.

  • Consider how individuals are informed of any new forms of processing as you enable them or add them to the platform.

  • Determine how consent choices are persisted, for example, as a contact facet.

  • Provide the ability for individuals to be able to revoke consent at any time, for example, by contacting the organization or using an online form.

  • Processing can be disabled for individuals who have not given consent, have revoked consent, or have objected to processing. Alternatively, if you are unable to disable processing, individuals are given the option to be forgotten.

  • Prohibit data practices that might be considered discriminatory.

  • You have secured all application roles, storage roles, and indexes. Refer to the Security Guide for a list of security procedures.

  • You have limited access to user interfaces to users that require access.

  • You have included the ability for individuals to opt out of the sale of their personal information, in accordance with the CCPA right to object to, or opt out of, the sale of personal information.

  • Consider how you apply access rights to the request history, and how you store these requests in a Sitecore contact report, so that you can address the CCPA right of individuals not to be subject to discrimination.

  • Review the request history to ensure that decisions around the segmentation of data do not negatively impact the user interface or customer experience.
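The checklist items above about persisting consent as a contact facet and disabling processing for individuals who have not given, or have revoked, consent can be implemented with a custom xConnect facet. The following is an added example and not code from the Sitecore documentation; the xConnect SDK members it uses (Facet, FacetKey, XdbModelBuilder.DefineFacet, Entity.GetFacet, XConnectClient.SetFacet/SubmitAsync) are assumed from the public SDK, and the facet name and its properties are constructed for illustration.

```csharp
using System;
using System.Threading.Tasks;
using Sitecore.XConnect;
using Sitecore.XConnect.Client;
using Sitecore.XConnect.Schema;

// Constructed consent facet stored on the contact (facet key and fields are illustrative).
[FacetKey(DefaultFacetKey)]
public class ConsentFacet : Facet
{
    public const string DefaultFacetKey = "Consent";

    public bool MarketingConsent { get; set; }        // true only after an active opt-in
    public DateTime? ConsentGivenUtc { get; set; }    // when the choice was recorded
    public DateTime? ConsentRevokedUtc { get; set; }  // set when the individual revokes
    public string PolicyVersion { get; set; }         // privacy policy version the consent refers to
}

// Registers the facet on the Contact entity so xConnect can persist and index it.
public static class ConsentModel
{
    public static XdbModel Model { get; } = Build();

    private static XdbModel Build()
    {
        var builder = new XdbModelBuilder("ConsentModel", new XdbModelVersion(1, 0));
        builder.DefineFacet<Contact, ConsentFacet>(ConsentFacet.DefaultFacetKey);
        return builder.BuildModel();
    }
}

public static class ConsentGate
{
    // Processing is allowed only when consent was actively given and not later revoked.
    public static bool ProcessingAllowed(ConsentFacet consent)
    {
        if (consent == null || !consent.MarketingConsent) return false;
        if (consent.ConsentRevokedUtc.HasValue) return false;
        return consent.ConsentGivenUtc.HasValue;
    }

    // Records a revocation on the contact; callers should re-check ProcessingAllowed afterwards.
    public static async Task RevokeAsync(XConnectClient client, Contact contact)
    {
        var consent = contact.GetFacet<ConsentFacet>(ConsentFacet.DefaultFacetKey) ?? new ConsentFacet();
        consent.MarketingConsent = false;
        consent.ConsentRevokedUtc = DateTime.UtcNow;
        client.SetFacet(contact, ConsentFacet.DefaultFacetKey, consent);
        await client.SubmitAsync();
    }
}
```

Load the contact with the Consent facet included in the expand options before calling ProcessingAllowed, so an absent facet is treated as no consent rather than as an error.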