How to Make Your Website GDPR Compliant with Sitecore

15th May 2018

We’re using our Sitecore expertise to help organisations give their audiences the ‘Right to be forgotten’

By now you’ll no doubt know that the consequences of GDPR non-compliance have the potential be very commercially unpleasant. With hefty fines and a whole host of unexpected, unplanned business disruption, not taking GDPR seriously is simply not worth the hassle from a commercial – and moral – perspective.

Each cog in the GDPR compliance machine must be metaphorically cleaned-up, well-oiled and set to work correctly in 2018’s political landscape.

One of these cogs is Sitecore. This is where we can help. Our recent article on GDPR goes into detail about how the General Data Protection Act affects any organisation using Sitecore. It also points you towards the first steps to finding a solution with our GDPR Sitecore audits.

So how are we helping organisations across a range of different industries comply with GDPR through Sitecore?

After we conduct a unique GDPR related audit of your Sitecore set-up and its approach to handling and storage of personally identifying information (PII). We are able to identify problem areas and provide solutions in order to make your website compliant with the new regulations. This could be invaluable advice to your business about how to best implement the various GDPR “user rights” using Sitecore.

We can also dig deep into methods of data retention and collection, to see whether this area of your business’ CMS allows you to comply with the new regulation.

Working across a range of industries to deliver GDPR compliance through Sitecore

Through a careful combination of our Sitecore expertise, insider multi-industry knowledge and the most Sitecore MVPs in the country, we’re able not to simply develop a one-size-fits-all tool for compliance, but to get deep down under the hood of your CMS and create a unique solution.

We’ve worked with a range of leading businesses in the IT services and law industries using Sitecore solutions to give users their individual rights in what is undoubtedly a strict industry with stringent rules regardless. For an international IT services company, we built a bespoke user interface that allowed users to specify the types of cookies they were consenting to being used as well as preventing new cookies being added.

Undertaking similar development projects in the finance industry, we have experience of producing ultra-personalised GDPR Sitecore solutions to combat a range of data protection law requirements.

Give customers control of their Sitecore cookies, give yourself peace of mind

One of the elements concerning a lot of our customers is Sitecore cookie control. For years, users have clicked ‘okay’ to accept cookies, and the choice has been black and white, yes or no. GDPR calls for more control over cookies, and our bespoke GDPR solutions have the option to give your customers complete transparency and multiple choices over which cookies they accept.

Give your customers control, give yourself peace of mind.

We can deliver a bespoke cookie control component that classifies cookies on your site into the GDPR compliant classifications:

  • Performance
  • Strictly Necessary
  • Functional
  • Targeting

Furthermore, we can empower users to prevent the setting of optional cookies by their type with one click.

A right to be forgotten, through Sitecore

Another aspect we’ve been working on with our clients is giving their customers the right to be forgotten through Sitecore. Also known as the ‘right to erasure’, the right to be forgotten means that individuals can request that their personal data be deleted under certain circumstances.

For many of our customers, we’ve created unique solutions that take the complex, individual intricacies of their Sitecore CMS and ensure that their customers are being given the right to be forgotten.

We have recently created a bespoke admin interface for one of our customers that allowed them to search for all the data held for a particular user and to anonymise it in one click.

It is the differentiating methods of doing this for each version of Sitecore that make it a bespoke process. In most cases we write the code to access different parts of the platform. Including the number of places where Sitecore holds data – indexes, SQL databases, xDB etc means that this can be a lot of code.

Want to make sure you’re compliant? Get in touch with us for a Sitecore GDPR audit

Whilst we would never claim to be lawyers, we have taken the time to do our research on the information that has been made available and we definitely can help you to get the most out of your Sitecore setup with a bespoke Sitecore related GDPR audit. Using our expertise and knowledge of multiple sectors and industries, we can help you reach compliance and avoid the consequences that will inevitably arise without abidance.

Get in touch with one of our experts today and be complaint.