Right to data portability

Abstract

Guide to exporting an individual's personal contact, user, customer, and forms data.

Applies to

GDPR, CCPA

Warning

This Privacy Guide provides technical guidance on how your developers can choose to configure your Sitecore product implementation to support you with data privacy compliance. This guide does not provide exhaustive guidance, and should not be construed or used as legal advice about the content, interpretation, or application of any law or regulation. You, the customer, will always be in the best position to assess your own risks, and must seek your own legal counsel to understand the applicability of any law or regulation to your business, including how you process personal information. Your resulting implementation is based entirely on your own configuration choices.

The right to data portability concerns the individual’s right to obtain and reuse their personal information. This topic describes how the Sitecore product facilitates the ability to export the individual’s data to a machine-readable format.

Within your Sitecore implementation, you can:

  • Use the xConnect API to export a contact’s data and interaction history to JSON.

The organization is responsible for:

  • Implementing an interface or a process that allows individuals to export their contact data.

  • Ensuring a user is authorized to access requested data.

Within your Sitecore implementation, you can:

The organization is responsible for:

  • Converting profile data to JSON or another machine-readable format.

  • Implementing an interface or a process that allows individuals to export their user data.

  • Ensuring a user is authorized to access requested data.

Within your Sitecore implementation, you can:

The organization is responsible for the following:

  • Converting customer information to JavaScript Object Notation (JSON) or another machine-readable format. The final product must have a simple data structure and associative arrays where the information must be language and machine independent.

  • Implementing an interface or a process that allows individuals to export their customer data.

  • Ensuring a user is authorized to access requested data.

By default, form submission data is stored in the Forms database. If a form submission is linked to an identifier such as a contact identifier or an email address, you can use SQL to access and export a specific individual’s personal information.

Important

If you create a custom submit action that stores personal information in a third-party system such as a CRM, you are responsible for ensuring that individuals can access their data in that system.