With GDPR, companies need to be able to recall what information is being collected about their visitors and give them the option to “turn off” the collection of their own Personally Identifiable Information (PII). In order to do so, companies need to form a plan on how to align themselves with GDPR.
In previous blogs, we have suggested that companies create “Corporate Data Responsibility” (CDR) policies in line with their Corporate Social Responsibility (CSR) which, at a minimum, would avoid scandals similar to the ‘Facebook’ scandal and, at best, will build customer trust and enhance your brand.
CDR Bill of Rights
As part of your CDR strategy, GDPR introduces a series of rights which empower individuals to “own” their own PII. We can call them a CDR ‘Bill of Rights’.
These include, among others, giving individuals:
- The right of access to any of their PII that you’re processing and storing
- The right to rectification of incomplete or inaccurate PII you may have
- The right to erasure – known as the “right to be forgotten” or the permanent deletion of their PII
- The right to restrict processing of their own PII
- The right to data portability – so that individuals can reclaim their own PII on demand in a readable format.
All in all, your systems must be able to instantly identify and surface any PII you have on demand. But the big question is: how can you allow for this without huge amounts of effort?
Sitecore XP 9: privacy by design on your site
Sitecore’s White Paper on Sitecore XP 9 and GDPR runs through the many ‘privacy by design’ functionalities of Sitecore XP 9 which meet each of these (and more) CDR Rights in turn.
Notable features in Sitecore XP 9 include the Sitecore xConnect API’s “GetContactAsync”, which allows you to retrieve a full contact profile for a given contact, including all known data and historical behaviour, giving you easily accessible information to present to your visitors when requested.
The same feature allows your visitors to “ExecuteTheRightToBeForgotten”. This functionality irreversibly anonymises PII, again keeping you in line with GDPR.
So Sitecore XP 9 addresses the CDR Bill of Rights when it comes to your site. But what about PII you have stored on your CRM and EXM databases? Ideally, you want to extend the Sitecore XP 9 privacy by design functionalities to sync up with all customer PII you have stored, wherever it may be, and this is how Nemetos can help.
CDR surfacing solution
Here at Nemetos Tanasuk, we can help you to develop an integrated CDR solution for surfacing PII. Our teams have experience in building customised web interfaces for your specific CRM and EXM databases and Sitecore. This would mean that customers could access their own profiles on your CRM database directly from your site. They could then take ownership of their own PII, amending and managing their preferences as they see fit, so that each customer profile becomes its own ‘preference centre’ rather than a set of black-and-white opt-outs.
Most importantly, our applications are ‘tried and tested’ at respecting the CDR preferences selected by each customer exercising their newfound data rights, winning trust and creating a serious competitive advantage for you.