How will the Sitecore Platform Tackle GDPR?.


If you work in the Digital Marketing sector, the General Data Protection Regulation (GDPR) is no stranger to you, and as the Enforcement date 25 May 2018 draws closer, we’re hearing more and more about it.

In this blog I will be exploring how GDPR features within the Sitecore platform and how those currently using the platform or considering a migration to it will be able address the regulation.

Sitecore 9

GDPR has been considered during the development of the latest release, Sitecore 9. You can find a number of privacy-by-design principles and new marketing features including the ‘Right to be Forgotten Feature’ of which I will focus on through this piece.

As an important marketing feature, Sitecore XDB collects personal data about site visitors; which is, of course, encrypted and protected. However, this data does contain sensitive PII data, so what happens if a someone requests for it to be erased?

The new feature in Sitecore allows you to anonymise this contact/visitor by executing the RightToBeForgotten method in the the Sitecore xConnect API. Once executed, the following contact changes will occur:

  • Deletion of all identifiers - known and anonymous
  • Clears all facets or facet properties marked PII sensitive
  • If a facet is marketing PII sensitive the entire facet is deleted
  • If a facet property is marked PII sensitive that property is rest to its default value
  • Consent information ExecutedRightToBeForgotten is set to true

To execute, call the ExecuteRightToBeForgotten and pass the contact in as argument.


A detailed example of how to implement this method can be found here.

Sitecore 8.2

A recent update, Sitecore 8.2 update 7, has recently been released which enables The Right To Be Forgotten; a new remove contact PII sensitive data pipeline has been implemented.

To call this pipeline, all you need to do is pass the contact's GUID as argument, then it will do all jobs for you - including remove contact sensitive data in MongoDB, search index or even AutomationStates. Nice and Simple?

Sitecore.Pipelines.CorePipeline.Run("removeContactPiiSensitiveData", new


Sitecore 8.0 and 8.1
Sagittarius have recently released their exclusive Sitecore 8.x GDPR Tool which will enable those on any version of 8 or 9 to implement the Right To Be Forgotten or the extraction of data. Find out more.

That’s everything for today about the Right to be Forgotten feature but as I said there are so many more features to try out in the latest release of Sitecore to help your brand prepare for GDPR!

Want to learn more about Sitecore? Speak to a member of our team today!



18 May 2018 - 6 minute read
share this

stay in the know, stay ahead.

Get the latest from the agency, including news, events and expert content.
explore services in the article
find out what we can do for you
read some of our case studies