Sitecore 8.2 Update 7 and GDPR, part 1 - right to erasure

As you probably know, the European Data Protection Regulation is applicable since May 25th, 2018 in all member states to harmonize data privacy laws across Europe. All the sites and applications that collect any data from users MUST compliant the new regulations described at General Data Protection Regulation site.

In general terms, GDPR for software vendors is about to apply all strategies available to understand what personal data is being collected, protect the privacy of that information, and provide ways to empower the end users to have control of their own data.

Most of the Sitecore vendors have started to take some actions to cover the new regulations. The initial step is to deeply understand the regulation, and then, the client and the vendor should asses what actions should be done to compliant the regulation.

From the software perspective, there are several actions that can be done to cover the most critical aspects described in the regulation. Sitecore has recently released Sitecore XP 8.2 Update 7 that brings some new features around the regulation. Sitecore 9 brings additional and built-in features around GDRP that will be covered in another post(s).

One of the aspects covered with the update is the right to erasure, also know as the right to be forgotten. Sitecore xDB stores the interactions of the contacts in the database. This release allows executing a new pipeline, removeContactPiiSensitiveData, to find and remove an individual’s data from xDB. 

The pipeline executes the following tasks:

  • It locks the contact so that no edits can be made
  • It removes all the contact personal and sensitive facets
  • It removes the contact identifier
  • It removes the device last known contact ID
  • It sets the Contact.GdprStatus.ExecutedRightToBeForgotten flag to true
  • It saves the contact
  • It removes personal and sensitive data from the interactions
  • It unlocks the contact

In order to execute this pipeline, you can use the following code lines:

var args = new Sitecore.Analytics.Pipelines.RemoveContactPiiSensitiveData.RemoveContactPiiSensitiveDataArgs(contactId)
{
  RemoveInteractionPiiSensitiveData = true
};

Sitecore.Pipelines.CorePipeline.Run("removeContactPiiSensitiveData", args);

That’s all for now. Next part will include some real examples of all the new pipelines applied over the Habitat example site. 

Until the next post!