Neil Killen

Sitecore released update 7 for Sitecore 8.2 in April 2018 (ver 180406). This release includes some important features to make it easier for you to be compliant with the new GDPR regulations that came into effect today May 25th, 2018.

These features include:

• The Contact Segmentation Index was updated to be compatible with the Right to be forgotten feature. This includes cases where tags, pages, and page event documents should be removed, as well as cases where the updates would have been ignored because of the setting to avoid indexing anonymous contacts.
• To enable an organization to implement the Right to be informed as part of GDPR, the new Sitecore.Analytics.Model.Entities .IGdprStatus contact facet has been added. This facet contains the ExecutedRightToBeForgotten boolean field that indicates whether the Right To Be Forgotten has been executed for the contact. The facet also contains the PrivacyPolicyAcknowledgement collection that contains an audit trail of when the contact acknowledged the organization’s privacy policy. Each item contains the following fields:
  • Agreement Date – the date when the customer confirmed that they agreed to the organization’s latest privacy policy.
  • Policy Identifier – the unique identifier for the policy. This can include the version number.
• To enable an organization to implement the Right of access and the Right to data portability as part of GDPR, the contact repository API was extended to retrieve the complete interaction history of a given contact. The Sitecore.Analytics.Data.ContactRepositoryBase.GetInteractionCursor method can be used to enumerate the contact’s historical interactions, loading them in batches of a desired size.
• To enable an organization to implement the Right to be forgotten, a new removeContactPiiSensitiveData pipeline has been implemented.

Additional Resources

• General Data Protection Regulation
• Practical Application of the GDPR for Marketers: Data Retention, Erasure, Access Requests, Preference Management
• Practical Application of the GDPR for Marketers: Data Security & International Transfers
• Practical Application of the GDPR for Marketers: Consent and Data Governance
• Sitecore Experience Platform 8.2 Update-7
• Sitecore 8.2 update 7 Release Notes
• Technical guidance for GDPR (including EXM and Sitecore Commerce)
• Tomek Juranek has written a really good article on how these features could be implemented – Sitecore and GDPR in practice