Posted in GDPR, Sitecore

Sitecore and GDPR

It’s now been over a year since I have had the opportunity to work with Sitecore in a hands on capacity. As you may or may not know Sitecore has continued to make it on the top right hand corner of the Gartner Magic Quadrant.

Sitecore has a huge amount of functionality and in my opinion one of the most functionally rich and scalable content management platforms out there. More importantly it comes with a lot of key features that can be leveraged for GDPR conformance.

A key feature of Sitecore is to personalise content for its users and it can do it at a very granular level. Features such as displaying the most relevant content make Sitecore a pleasure to use. On the other hand I feel that many people might be under the misconception that by utilising Sitecore’s marketing features they will not be GDPR compliant.

The following are my list of key points that support my view that by good configuration its perfectly straightforward to become compliant.

  • Since version 8.2 IP addresses are already anonymised and are hashed, or there is the option not to save the IP address at all. Instead Sitecore can use a Cookie on the user machine, obviously this would need to be in the website privacy statement.
  • With XDB there is a way to find, update and remove personal data that’s been collected. This is great for managing a situation where people have the right to update their information or the right to get forgotten.
  • EXM support double opt in and verification of identify and there is a sophisticated List manager.
  • There are built in configurable audit logs to prove data has been added, updated or deleted, one can choose how long these logs are kept. More importantly they can be used for proof that data was actually deleted.
  • Data exchange framework for integration with other systems can be a powerful way to synchronize changes, including bidirectional sync.

Further Sitecore is built on infrastructure that is GDPR compliant, there is the option to use Mlabs for the XDB database and as its delivered as SaaS encryption of data at rest or in transit is provided as standard with both Amazon and Google cloud hosting options.

I am really getting into Sitecore and am excited about its capabilities, so am devoting more time learning about this amazing customer experience solution.