Right of access by the individual

Version: 10.3

Applies to

GDPR, CCPA

Warning

This Privacy Guide provides technical guidance on how your developers can choose to configure your Sitecore product implementation to support you with data privacy compliance. This guide does not provide exhaustive guidance, and should not be construed or used as legal advice about the content, interpretation, or application of any law or regulation. You, the customer, will always be in the best position to assess your own risks, and must seek your own legal counsel to understand the applicability of any law or regulation to your business, including how you process personal information. Your resulting implementation is based entirely on your own configuration choices.

The right of access concerns the individual’s right to access their personal information and obtain information about how their data is being processed. This topic describes how the Sitecore product facilitates the ability to access and update the individual’s personal information.

Accessing contact data

Within your Sitecore implementation, you can:

The organization is responsible for the following:

  • Implementing a process or an interface that allows individuals to access their contact data.

Accessing user data

Within your Sitecore implementation, you can:

The organization is responsible for the following:

  • Implementing a process or an interface that allows individuals to access their user data.

Accessing customer data

Within your Sitecore implementation, you can:

The organization is responsible for the following:

  • Implementing a process or an interface that allows individuals to access their customer data.

Accessing form submission data

By default, form submission data is stored in the Forms database. If a form submission is linked to an identifier such as a contact identifier or an email address, you can use SQL to access and update a specific individual’s personal information.

The organization is responsible for:

  • If relevant, implementing a process or an interface that allows individuals to access their form submission data. The following example assumes that you know which form field (represented by FieldItemID) contains sensitive data. Forms and form fields are created by business users. For more information, see Create a form.

    RequestResponse
    USE [sample_Sitecore.ExperienceForms]
    
    GO
    
    SELECT
        [ID],
        [FormEntryID],
        [FieldItemID],
        [FieldName],
        [Value],
        [ValueType]
    FROM
        [dbo].[FieldData]
    WHERE
        [FieldItemID] = '7d00533b-1cf2-4597-aaa0-01e09a01b7cc'
    AND [Value] = 'youremail'
    
    GO
    
Important

If you create a custom submit action that stores personal information in a third-party system such as a CRM, you are responsible for ensuring that individuals can access their data in that system.

Do you have some feedback for us?

If you have suggestions for improving this article,