UPDATE: A new page on the Sitecore site outlines product features that may be configured in consideration of GDPR compliance (by version) LEARN MORE
Recent personal identifying information (PII) features and enhancements seem to be well documented in Sitecore 9, but it’s a bit harder to dig up information surrounding the EU General Data Protection Regulation (GDPR) and considerations within v8.2. In April, I noticed “The Right to be Forgotten” feature was described in release notes for SXP 8.2 Update-7. The recent rollout of GDPR enforces tighter personal data restrictions, and this feature could support allowing users to erase stored information relating to them.
In Update-7, a GdprStatus facet has been added to contact records in xDB. There are also several new contact facets which support privacy compliance including: Privacy Policy Agreement (date), Privacy Policy Version (number), and Right to be Forgotten (boolean). Custom contact facets can be assigned the new attribute PIISensitive, and a new pipeline has been added to support the removal of PII Sensitive Data.
I’ve seen a couple demos that showcase Marketing Automation campaigns to accomplish setting these fields. In Sitecore 9, The entire Marketing Automation tool has been rebuilt and refreshed with an UI overhaul that allows intuitive drag-and-drop configuration for actions, but the Marketing Automation functionality in v8 is not quite as intuitive. New features and improvements in this update seem to reduce the effort necessary to create components which address various privacy concerns.