With wide-ranging implications for all organisations, both in terms of initial compliance and increased workload now and in the future to ensure compliance, it’s important that you know you have a safe pair of hands to turn to when you need help with ensuring your Sitecore website, processes, and systems comply with the GDPR.
We’ve been working on our own compliance and how we can help our customers for some time now, and our team has undergone certified GDPR and data privacy training.
We can help you with the following aspects of GDPR compliance, and more...
Customer Comms Preference Centre
You may be marketing and communicating to customers through various means – post, email, telephone, SMS. Under the GDPR, you must allow customers to easily update the channels through which they want to hear from you. A Preference Centre on your Sitecore website, which is synchronised with your CRM system and email marketing tool, could be the ideal option.
Subject Access Requests
A customer may request to see the information you hold on them at any point in time. You need to comply with their request within 1 month. This means you need to know where all the customer’s data is, be able to get hold of it quickly and easily, and deliver it in a customer-friendly format. If your customer data is split across various systems, this can prove problematic.
We can help integrate your systems with your Sitecore website to ensure your customer data is in one place.
Right to be Forgotten Requests
A customer might ask that you remove all personal data that you hold on them. Again, disparate systems can make this task a real chore. Furthermore, we know you might need to retain some data, especially if it relates to a transaction, so that your business can report on it accurately in the future. In this case, simply anonymising all personal identifier information, so that the customer’s information has been ‘deleted’, could be the answer. We can make sure you comply with the right to be forgotten in the correct way for you.
As with many elements of the GDPR, good data discipline is key to compliance. This can mean ensuring systems containing customer data talk to each other in the right way. It can mean ensuring that your team have the right knowledge of data privacy laws to ensure they are always doing the right thing. It can mean having the right documentation and proof of the steps you have taken, or intend to take, to comply. It can also mean conducting privacy impact assessments (PIA) before undergoing any large-scale digital transformation work that touches customer data. Whatever your need, we have the technological and data discipline nous to help.
Customers must be given the option to opt out of automatic profiling. This has implications for those brands using personalisation on their website based on customer history or browsing habits. It may be that you require a pop-up on your website that explains to a visitor that not only are you using cookies, but that you tailor their experience on your website based on what they view or what they click or what they buy. It may be that you choose to record customer consent for this.
Whatever your need, with our knowledge of Sitecore personalisation and profiling, we can assist.
Obtaining Consent for Marketing
Whilst consent is not the only legal basis you could choose for the reason you market to customers, it is the one many companies are choosing to use. This means customers need to provide you with an affirmative opt-in action – which probably means a tick-box on your website confirming they are happy for you to communicate with them, along with a statement on why you’re collecting their data and how you will use it, and a link to your privacy notice. The date and time of the customer’s consent must be recorded, along with their communication preferences. We can help you set up the right forms and landing page structures on your Sitecore website to make this happen, as well as ensure all your systems – CRM, email, and website – are talking to one another, so that you can prove compliance.
Get in touch
If you'd like to talk to us about any aspect of GDPR as it relates to your Sitecore website, get in touch with us today. We'd be happy to help.