Right to rectification

Abstract

Guide to updating an individual's contact, user, customer, and forms data.

Applies to

GDPR

Warning

This Privacy Guide provides technical guidance on how your developers can choose to configure your Sitecore product implementation to support you with data privacy compliance. This guide does not provide exhaustive guidance, and should not be construed or used as legal advice about the content, interpretation, or application of any law or regulation. You, the customer, will always be in the best position to assess your own risks, and must seek your own legal counsel to understand the applicability of any law or regulation to your business, including how you process personal information. Your resulting implementation is based entirely on your own configuration choices.

The right to rectification concerns the individual's right to have their data rectified if it is inaccurate or incomplete. This topic describes how to update contact, user, and customer data.

Some data is automatically synchronized between entities. For example, if a customer’s first or last name is updated from the BizFX role, that data is copied to the associated contact entity. Refer Links between individual entities for more information.

Within your Sitecore implementation, you can:

  • Use the xConnect API to update a contact’s personal information.

The organization is responsible for:

  • Implementing a process or an interface that allows individuals to access and update their data.

Tip

You can create a custom submit action for Sitecore Forms that updates a contact’s personal details.

Within your Sitecore implementation, you can:

  • Use the Security API to update a user’s personal information.

The organization is responsible for:

  • Implementing a process or an interface that allow users to access and update their data.

Within your Sitecore implementation, you can:

The organization is responsible for:

  • Implementing a process or an interface that allows customers to access and update their data.

By default, form submission data is stored in the Forms database. If the xDB is enabled, all form submissions are associated with a contact ID. By default, there is no API to update submitted data in the Forms database but you can extend the FormDataProvider to implement a new API that uses SQL to access and update personal information based on Contact Id. You also need to expose a mechanism by which the individual can trigger a query to erase their data, for example, by implementing a custom submit action that updates the contact information.

You can do this in a fashion similar to what is detailed in the topic Walkthrough: Creating a custom submit action that updates contact details except the submit action updates contact information stored in the Forms database instead of updating contact details stored in xConnect.

In CMS-Only mode, form submissions are not associated with a Contact id (the Contact id is NULL). Therefore, if you store email addresses or other personal information that can be used to identify an individual, you can use SQL to access and update a specific individual’s personal information.

Important

If you create a custom submit action that stores personal information in a third-party system such as a CRM, you are responsible for ensuring that individuals can access their data in that system.