Sitecore 9 and GDPR compliance

With the validity date of the general regulation for the protection of personal data (GDPR) approaching, we are frequently confronted with questions regarding how the new version of Sitecore is prepared in accordance with this regulation, especially in relation to xDB. The good news is that GDPR was thought of during the development of Sitecore 9. The new service layer of xConnect, which is used for any type of access to data in xDB (either from the system of a third party or directly from Sitecore CD or CM server) ensures that GDPR requirements can be met relatively easily.

All the Places where Personal Data is Located

The largest amount of the users’ personal data is obviously found in the xDB, where data may be stored from the Web Forms module,  social connectors, commerce and from other systems (for example, CRM). Furthermore, personal data is located in the database of Sitecore users’ accounts and in indexers like Lucene, Azure Search or  SOLR. You should inform users about the facts and reasons why personal data is stored in these places.

Privacy by Design

Sitecore’s access to the principle of Privacy by design is based on securing data in xDB by encryption at rest or in motion. This means that the data is encrypted during the state, when it is only stored in the database and it is not used by any process and also during communication among parts of the systems by means of xConnect, which takes place exclusively by encrypted HTTPS protocol.

The second access to the principle of Privacy by design disables indexing in the default settings, so-called PII data (personally identifiable information). Indexing can is enabled manually in the xConnect indexer configuration. For more information, go to:

At this point, you can clearly answer two key questions related to GDPR: Where are all the places that personal data is stored and how is the personal data secured?

The Right to be Forgotten

Sitecore 9 brings an elegant solution for cases of applying the right to be forgotten. The wrong way would definitely be to completely delete the user (contact) from the xDB. Sitecore allows you to call the ExecuteRightToBeForgotten method, which performs a so-called anonymization of the contact. It deletes all identifiers of the contact and attributes or values, which are identified as PII data. Data that cannot identify a specific person within the scope of anonymized contact in the xDB, will remain. At the same time, the ExecutedRightToBeForgotten attribute will be set to true.

Calling Off the Consent to Receive Marketing Information

Another case of the right that users are entitled to is calling off their consent to receiving marketing information. Once again, there is an elegant solution that removes the contact from all e-mail lists using the DoNotMarket method. Thanks to this method, the contact will not receive any marketing e-mails. This does not apply to transaction or service e-mails (for example, a notification that the password has expired).