Sitecore, GDPR, China's Cyber Security Law (CSL) & Data Protection Regulation (CDPR)

China has had strong data protection regulation for a while and it only seems to be getting tighter in 2019.  Increasingly, clients running Sitecore as their digital CXM platform require multi-regional deployments, and deploying solutions in the APAC region usually tends to pose a challenge.

A couple of years ago, it may have been easy enough to simply carve out some infrastructure local to China and direct all local language variant traffic to the instance. But this is no longer sufficient.

China seems to have taken a lot of articles from GDPR and continues to add to them and make privacy law even from stringent.

Sitecore has quite a few provisions OOTB for handling some of the GDPR articles and the other can be handled via either solution design, custom implementation or system architecture.

Here is are some of the ToDos related to CSL, CDPR as they relate to GDPR.

Compliance via solution design & custom implementation

CSL & GDPR: Implement consent and opt-in/opt-out preferences 

CSL & GDPR: Implement mechanism for accessing & editing and extracting PII data for right to rectification and right to data portability

CSL: Just in-time notification for opt-in for extended data processing activities

CSL: Opt-out of personalization and personalized advertisements

CSL: Clearly identify personalized experience design

CSL: Global privacy policies tailored and translated

CSL: Implement mechanism to withdraw consent

CSL: Testing 3rd party API security 

Compliance via system architecture & maintenance

CSL CDPR & GDPR: Sitecore provides OOTB mechanism for
  • Right of access
  • Right to erasure
  • Right to data portability
CSL, CDPR: Avoid cross-border data transfer violation with locally hosted data storage and processing and aggregation systems.

For Sitecore 9.1, I think it this means the following roles should be local to China (besides regional scaling of roles)

  • xConnect roles
  • xDB Collection DB
  • Reporting DBs
  • Forms DB
  • Web DB
  • Security DB
  • Shared and Private Session Storage
  • Cortex Processing DB
  • Universal Tracking DB
  • Cortex roles
  • xDB Index

CSL, CDPR: Supplementary or alternative system components and hosting for CRM, personal data, CDN, DAM, web analytics local to China

CSL, CDPR: Security assessment compliance and multi-level protection system based on the company’s information system grade

Also, highly recommend reading Sitecore's white paper on GDPR.



Comments

  1. Apex PrivacyApril 15, 2020 at 5:27 PM

    This information is meaningful and magnificent which you have shared here about the GDPR. I am impressed by the details that you have shared in this post and It reveals how nicely you understand this subject. I would like to thanks for sharing this article here. Online Data Protection Officer

    ReplyDelete
  2. Ana CyberJune 23, 2021 at 4:59 PM

    Thank you for sharing this news. Cyber security measures must be taken by individuals, and companies to protect their data, devices, networks, systems etc. from potential security threats and cyber attacks. Glad to come across this, great blog. Cyber crime investigator India

    ReplyDelete

Post a Comment

Popular posts from this blog

Is Rendered Item Valid XHtml Document Could not find schema information warnings during publish item Sitecore 7.2

Image
Note: Since we now live in the HTML5 world, the simple resolution to any XHtml validation errors is to remove the XHtml validation rules on  System->Settings->Validation Rules->Global Rules item. Sitecore should update it's validation rules to be relevant to HTML5. This make the rest of this post obsolete :). I created a simple approval workflow in Sitecore 7.5 and tried to approve an item for publishing and found a bunch of validation errors in the Validation Results. Most of them were related to the "Is Rendered Item Valid XHtml Document" section which looked like this: The problems were related to violations of the W3C HTML5 recommendation An important note here is: The element containing the character encoding declaration must be serialized completely within the first 1024 bytes of the document. Adding the following xmlns attribute to the Html tag fixed most of the errors: <html lang="en" xmlns="http://www.w3.org/1999/
Read more

Sitecore Tabbed Select Rendering dialog

Image
If you aren't already doing this, you should be! Found an interesting module (unable to find it on Sitecore Marketplace) to show renderings grouped into tabs while using the Select Rendering dialog from page editor. The idea is to go from this: To: The approach is promising with a few updates: Tried implementing it by inheriting from SelectRenderingForm and it did not work. No rendering items were being listed. Had to decompile Sitecore.Client.dll and copy the code from Sitecore.Shell.Applications.Dialogs.SelectRendering.SelectRenderingForm Had to comment the following line in OnLoad  this.Renderings.InnerHtml = this.RenderPreviews((IEnumerable<Item>)renderingOptions.Items); Found a few issues with the styles, could have be an updated style sheet for Sitecore 7.5, but had to add the following attributes to the tabstrip Background="white" Padding="0px" style="position:absolute; width:100%;top:0px" Here is a detailed description of my implementati
Read more

RESOLVED: Solr Exceptions - Document contains at least one immense term in field

If you implemented Solr with Sitecore using Solr 5.x, you may run into the following error when indexing extremely large content in string fields: org.apache.solr.common.SolrException: Exception writing document id <xxxuniqueid> to the index; possible analysis error. Caused by: java.lang.IllegalArgumentException: Document contains at least one immense term in field="<xxxfieldname>" (whose UTF8 encoding is longer than the max length 32766), all of which were skipped. Please correct the analyzer to not produce such terms. The prefix of the first immense term is: '[10, 9, 9, 10, 32, 32, 32, 32, 32, 32, 82, 84, 82, 83, 32, 70, 97, 99, 105, 108, 105, 116, 121, 32, 10, 32, 32, 32, 32, 84]...', original message: bytes can be at most 32766 in length; got <intgreaterthan32766> Caused by: org.apache.lucene.util.BytesRefHash$MaxBytesLengthExceededException: bytes can be at most 32766 in length; got <intgreaterthan32766> This is due to the fa
Read more