
Getting Ready for GDPR

The GDPR (General Data Protection Regulation) is a set of rules reforming privacy and security regulations that takes effect on 25th May, 2018. There are severe penalties for breaching the GDPR, and these can reach as high as 20 million euros or 4% of turnover. We can either look at this as a pain in the backside or as an opportunity.

Why is GDPR regulation necessary?

GDPR defines personal data as anything that can be used to directly or indirectly identify a person. This includes names, photos, email addresses, bank details, posts on social networking websites, medical information or even IP addresses.

Since then, Internet usage has become a great deal more widespread, and technological advances such as cloud storage and social media have changed the way data is processed and transferred. The rules needed updating, they needed to be uniform, and they needed to be applied more rigorously.

Business Impact:

  1. Appoint one of your directors to be accountable. This person should be suitably competent to handle the technicalities involved, and it’s worth considering where you want the accountability to fall – with IT, legal, marketing or elsewhere.
  2. Ensure you have safeguards in place: procedures to ensure data is confidential, accurate, available when necessary, backed up and encrypted.
  3. Ensure your suppliers are GDPR-compliant. Any service provider you use to process data has to comply with GDPR standards – and ensuring they do is on you.
  4. Ensure your customers, clients or website users have explicitly consented to their data being stored. This is a significant change, and most current measures are not sufficient. Your records need to prove that users have agreed to you storing their data – and failing to disagree is not enough. Crucially, users will also have a statutory right to have their data erased permanently from your records – so you’ll need the capacity to do that too.
  5. Ensure you’re explaining to users, in plain language, what data you’re holding, how long you’re holding it for, and how users can withdraw their consent. Your policy has to be simple and appropriate, as well as containing all the required information.
  6. Report breaches. Under GDPR, any breach of data protection must be reported to the Information Commissioner’s Office within 72 hours. You’ll need a robust process for detecting, reporting and responding to data breaches.
  7. Be prepared for more access requests. As people become more aware of their data privacy rights, they are likely to query the data you’re holding, and you’ll need to turn those requests around in good time.
  8. Ensure that any IT or marketing related project has a relevant process in place to screen against the GDPR, e.g. Agile projects with user stories, or IT projects with the necessary risks highlighted and mitigated.

Key steps for preparation

  • Awareness: create the necessary user stories for Agile projects, or make it part of the requirements for all new projects. Log it as a risk in projects and make sure it's mitigated.
  • Keep track of all personal data you hold and where it came from. From a website perspective this could be:
    1. Contact Us Forms
    2. Newsletters
    3. Event signups
    4. User Registration
    5. Orders / Donations if ecommerce enabled
    6. Sharing / comments on blogs
  • Update your privacy statement and incorporate how rights will be adhered to
  • Check that the following rights are addressed for individuals:
    1. the right to be informed;
    2. the right of access;
    3. the right to rectification;
    4. the right to erasure;
    5. the right to restrict processing;
    6. the right to data portability; (NEW)
    7. the right to object;
    8. the right not to be subject to automated decision-making including profiling
  • If storing data, particularly in the cloud or with external suppliers, make sure that:
    1. Data is encrypted at rest and in motion; use HTTPS when submitting details.
    2. The encryption keys are managed by the organisation and the SaaS vendor
    3. Evaluate each SaaS offering to make sure it complies with GDPR

Microsoft and Adobe partnership, where does this leave Sitecore?

Adobe and Microsoft have been friends for a while; obviously they have had their history with Flash and Silverlight…

Recently Microsoft and Adobe announced a major strategic partnership where Adobe said it would make Microsoft Azure its preferred cloud platform, and Microsoft said it would make the Adobe Marketing Cloud its preferred marketing solution for Dynamics 365 Enterprise Edition.

This makes sense, as Adobe does not have its own CRM solution, and for Microsoft it provides a powerful SaaS offering for digital marketing. The one question it does raise is: where does it leave Sitecore?

Sitecore announced its own strategic partnership with Microsoft, with support for Sitecore on Azure and a major investment in joint commerce solution development that joins Dynamics for Retail with the Sitecore Experience Platform.

Whilst Adobe’s main competitor is Sitecore, there are various modules within Sitecore, such as PxM (Print Experience Manager), that actually utilise the Adobe Creative Suite.

Further, Sitecore is very much a framework rather than a SaaS offering. So my take on this is that Microsoft wins regardless, and the market wins too, as there are various options available.

There are also developments with a new standard data model called XDM (Experience Data Model). Given how many “Experience” modules Sitecore provides, this just slots right in with the Sitecore lingo…

It will be great to see how things pan out, but one thing is for sure: as reflected by Microsoft's share price growth of 60% in the last year, Azure is a great success, and all the partnerships ensure even more consumption on the Azure cloud.