Description

At Sitecore, we understand the value of data and the importance of protecting it. Like all globally engaged companies, Sitecore has reviewed how it collects and processes personal data in its internal and external operations with customers, partners, vendors, and employees, to ensure ongoing compliance with evolving global privacy laws, including the European General Data Protection Regulation (GDPR).

Sitecore is committed to the privacy-first philosophy of the GDPR and emulating that in all of our processes and products. Our Privacy Team took steps to implement a GDPR compliance plan that covers all areas of our business, including the following:

• Building an accountable Privacy Team: With a Data Governance Committee comprised of Sitecore C-suite members from the Legal, Security, Marketing, Customer Operations, Product, and Sales teams, and supported by a Privacy Steering Group, Sitecore has implemented top-down awareness of our privacy and data governance framework to ensure accountability in all of our business processes.
• Transparency, Notice, and Choice: We have updated our Privacy Policy to ensure that those whose data we collect understand how it will be processed and can make informed choices about whether to share their data with us.
• Organizational measures: We reviewed our internal processes to ensure that we have improved internal guidelines and thresholds on who we work with and engage as vendors, reviewing our contracts to ensure that appropriate contractual mechanisms are in place before sharing data, implementing structures that incorporate privacy by design in our product review cycles and establishing protocols for responding to data subject requests.
• Technical measures: We have improved our internal security measures to ensure greater asset management and encryption on portable devices, as well as updating our internal security policies to deal with new legal requirements.
  

For technical guidance on how you can choose to configure your Sitecore implementation, refer to the following documentation:

• Privacy guide (GDPR) for developers for Sitecore XP 9.0 and higher releases.
• Technical guidance for GDPR (including EXM and Sitecore Commerce) for Sitecore XP 8.2.x releases.

Further information on Sitecore's compliance efforts will be made available on the Sitecore Trust Center. If you have any specific queries in the meantime, please contact us at privacy@sitecore.com.