GDPR’s Right to be Forgotten and Data Portability in Kentico 11

By Pavel Jirik in GDPR

It’s never easy to let go. But if someone asks you to forget about them, you just need to move on and get over it. That’s exactly the case of GDPR’s right to be forgotten. If any of your website visitors ask you to delete all their personal data, you have to do it. To make it slightly more difficult, there are some situations where you actually need to keep some of the data due to legal reasons.

In some other cases, the one who requested data deletion may have asked you to delete just some of the data. For example, their website activities or submitted forms.

As you can see, there is a lot that can be requested, and we tried our best to deal with it in Kentico 11. It will never be bulletproof, as every company, business, or website has its own policies, rules, and integrations. But with the Data Protection application, much of the effort can be streamlined.

Bring It On!

If someone requests their data’s deletion based on the GDPR’s right to be forgotten, your first steps in Kentico 11 should lead you to the Data Protection app and its Right to be forgotten tab:

Based on their email address, you can search for all the known data of the person and decide what should stay in the system and what should be deleted. Think twice before you delete the data, though! It will be deleted from the system for good, and unless you have a recent backup of your database, it will not be recoverable.

This is what you could see after searching for someone’s email address:

Then it’s just a matter of a few clicks to select what should be erased and what should be left untouched:

There are quite a few checkboxes that can be ticked.

If all of them are left selected, then Kentico deletes all the data related to the contact (visitor). But as we wanted to give you much greater flexibility, you can delete only very specific data, as necessary. For example, if you want to delete only the newsletter subscription related data of the contact, you can! Do you wish to delete only the customer related data? No problem! Would you rather delete just the submitted forms’ data? Well, you are the boss! Deleting just the activities of the contact? Consider it done!

How does that sound? Not hard at all, is it?

You can be sure that the GDPR will throw some punches at you, definitely! Sometimes they will be easy, and sometimes they will be tougher, but with the right software solution, lawyers, and developers, you should be able to deal with the GDPR’s requests well.

True, you will need to stay super conscious in the upcoming years and decades, but in the end—it’s the safety of our (and your) personal data! No one likes to share their personal data with strangers…

Data Portability

There is also another thing that the Data Protection application can help you with. For whatever reason, any digital soul can ask you to send them all their data. But this time, they may want it in a machine readable form.

It could be because they want to look more cyborg, but on a serious note, they may just have decided to copy the data from one system into another. They may also need it for their own purposes, to just have a personal backup of the data.

Whatever the reason, in such a case, IT environments need to understand each other, and the best way to achieve that is by using a standardized approach. One of many such approaches is XML output, and that’s exactly what Kentico 11 does.

This way, the data can be easily transferred from the Kentico system into another one, and no bits are lost.

The difference between a simple list generated on the Right to access tab (if you haven’t read my blog post on this topic, feel free to dive into it) and the XML output on the Data portability tab is that the XML output also contains some system-related data. For example, the value of the ContactGUID property of the contact. It is a unique value that identifies the contact in the Kentico database (the marketer cries, the developer smiles).

Whether you need to deal with a data transfer or data access request, it should be simple for you now to distinguish between the two.

So, let’s see what the Data portability tab looks like in the Data protection application:

As you can see, it is nearly identical to previous tabs. Only the output is different. So, let’s search for the email address of the digital wanderer and see the result:

You may notice the different structure and additional values. Exactly as I mentioned earlier. Even though it may look unimportant at first, for a seamless transfer between different systems, it may be crucial.

What else you do with the list is then up to you, but it always needs to follow the internal GDPR processes defined within your company. We have done our bit and made it easier for everyone using Kentico 11 to streamline the processes and save time whenever and wherever possible.

Nevertheless, the upcoming GDPR storm can be withstood just fine, as long as you give yourself enough edge through the right tools and know-how!

How is your GDPR compliance preparation going? All data mapped, consents created, and processes for dealing with the GDPR’s rights in place? Let us know in comments! The topic of GDPR is one that is dear to our hearts. Check out some of the critical points you should be addressing here.

DISCLAIMER: All data and information provided in this blog post are for informational purposes only. Kentico makes no representations as to the accuracy, completeness, currentness, suitability, or validity of any information contained herein. We recommend consulting with a lawyer for any legal advice pertaining to GDPR compliance.
