Sitecore 8.2 Update 7 and GDPR, part 2 - right to be informed

Continuing with the series about the Sitecore 8.2 Update 7 and the GDPR, the next topic is the right to be informed. It is described in the article 12 and 13 at General Data Protection Regulation site.

The individuals have the right to be informed about the collection and use of their personal data. The sites and applications must provide individuals with information including the purpose for processing their personal data, retention periods for that personal data, and who it will be shared with.

Sitecore can be configured by a developer to track the efforts to inform the users about the data collected through the privacy policy defined for the site. xDB can be extended to include a collection facet named Privacy Policy Acknowledgement.

When a user acknowledges the privacy policy, the xDB will store the Agreement Date and the Policy Identifier. This process can be done using the following classes and methods.

IContact contact = GetContact(); // Method to get the contact
IGdprStatus gdprStatus = contact.GetFacet<IGdprStatus>("GdprStatus");
IPrivacyPolicyAcknowledgementElement privacyPolicyAcknowledgementElement = gdprStatus.PrivacyPolicyAcknowledgement.Values.Create();
privacyPolicyAcknowledgementElement.AgreementDate = System.DateTime.UtcNow;
privacyPolicyAcknowledgementElement.PolicyIdentifier = "2.0.1"; // Version of the privacy policy

That’s it for today, next time the post will be about the rights of access and data portability.

Until the next post!