Right to rectification
Applies to |
GDPR |
---|
This Privacy Guide provides technical guidance on how your developers can choose to configure your Sitecore product implementation to support you with data privacy compliance. This guide does not provide exhaustive guidance, and should not be construed or used as legal advice about the content, interpretation, or application of any law or regulation. You, the customer, will always be in the best position to assess your own risks, and must seek your own legal counsel to understand the applicability of any law or regulation to your business, including how you process personal information. Your resulting implementation is based entirely on your own configuration choices.
The right to rectification concerns the individual's right to have their data rectified if it is inaccurate or incomplete. This topic describes how to update contact, user, and customer data.
Some data is automatically synchronized between entities. For example, if a customer’s first or last name is updated from the BizFX role, that data is copied to the associated contact entity. Refer Links between individual entities for more information.
Updating personal information for a contact
Within your Sitecore implementation, you can:
-
Use the xConnect API to update a contact’s personal information.
The organization is responsible for:
-
Implementing a process or an interface that allows individuals to access and update their data.
You can create a custom submit action for Sitecore Forms that updates a contact’s personal details.
Updating personal information for a user
Within your Sitecore implementation, you can:
-
Use the Security API to update a user’s personal information.
The organization is responsible for:
-
Implementing a process or an interface that allow users to access and update their data.
Updating personal information for a customer
Within your Sitecore implementation, you can:
-
Use the Commerce Service API to update a customer’s personal information.
The organization is responsible for:
-
Implementing a process or an interface that allows customers to access and update their data.
Updating form data
By default, form submission data is stored in the Forms database. If the xDB is enabled, all form submissions are associated with a contact ID. By default, there is no API to update submitted data in the Forms database but you can extend the FormDataProvider
to implement a new API that uses SQL to access and update personal information based on Contact Id. You also need to expose a mechanism by which the individual can trigger a query to erase their data, for example, by implementing a custom submit action that updates the contact information.
You can do this in a fashion similar to what is detailed in the topic Walkthrough: Creating a custom submit action that updates contact details except the submit action updates contact information stored in the Forms database instead of updating contact details stored in xConnect.
In CMS-Only mode, form submissions are not associated with a Contact ID (the Contact ID is NULL). Therefore, if you store email addresses or other personal information that can be used to identify an individual, you can use SQL to access and update a specific individual’s personal information.
If you create a custom submit action that stores personal information in a third-party system such as a CRM, you are responsible for ensuring that individuals can access their data in that system.