At Sitecore, we understand the value of data and the importance of protecting it. Like all globally engaged companies, Sitecore has reviewed how it collects and processes personal data in its internal and external operations with customers, partners, vendors and employees, to ensure ongoing compliance with evolving global privacy laws, including the European General Data Protection Regulation (GDPR).
Sitecore is committed to the privacy-first philosophy of the GDPR and emulating that in all of our processes and products. Our Privacy Team took steps to implement a GDPR compliance plan that covered all areas of our business, including the following:
- Building an accountable Privacy Team: With a Data Governance Committee comprised of Sitecore C-suite members from the Legal, Security, Marketing, Customer Operations, Product, and Sales teams, and supported by a Privacy Steering Group, Sitecore has implemented top-down awareness of our privacy and data governance framework to ensure accountability in all of our business processes.
- Organizational measures: We reviewed our internal processes to ensure that we have improved internal guidelines and thresholds on who we work with and engage as vendors, reviewing our contracts to ensure that appropriate contractual mechanisms are in place before sharing data, implementing structures that incorporate privacy by design in our product review cycles and establishing protocols for responding to data subject requests.
- Technical measures: We have improved our internal security measures to ensure greater asset management and encryption on portable devices, as well as updating our internal security policies to deal with new legal requirements.
Further information on Sitecore's compliance efforts will be made available on this Trust Center. If You have any specific queries in the meantime, please contact us at email@example.com.