Sitecore, GDPR, China's Cyber Security Law (CSL) & Data Protection Regulation (CDPR)

China has had strong data protection regulation for a while and it only seems to be getting tighter in 2019.  Increasingly, clients running Sitecore as their digital CXM platform require multi-regional deployments, and deploying solutions in the APAC region usually tends to pose a challenge.

A couple of years ago, it may have been easy enough to simply carve out some infrastructure local to China and direct all local language variant traffic to the instance. But this is no longer sufficient.

China seems to have taken a lot of articles from GDPR and continues to add to them and make privacy law even from stringent.

Sitecore has quite a few provisions OOTB for handling some of the GDPR articles and the other can be handled via either solution design, custom implementation or system architecture.

Here is are some of the ToDos related to CSL, CDPR as they relate to GDPR.

Compliance via solution design & custom implementation

CSL & GDPR: Implement consent and opt-in/opt-out preferences 

CSL & GDPR: Implement mechanism for accessing & editing and extracting PII data for right to rectification and right to data portability

CSL: Just in-time notification for opt-in for extended data processing activities

CSL: Opt-out of personalization and personalized advertisements

CSL: Clearly identify personalized experience design

CSL: Global privacy policies tailored and translated

CSL: Implement mechanism to withdraw consent

CSL: Testing 3rd party API security 

Compliance via system architecture & maintenance

CSL CDPR & GDPR: Sitecore provides OOTB mechanism for
  • Right of access
  • Right to erasure
  • Right to data portability
CSL, CDPR: Avoid cross-border data transfer violation with locally hosted data storage and processing and aggregation systems.

For Sitecore 9.1, I think it this means the following roles should be local to China (besides regional scaling of roles)

  • xConnect roles
  • xDB Collection DB
  • Reporting DBs
  • Forms DB
  • Web DB
  • Security DB
  • Shared and Private Session Storage
  • Cortex Processing DB
  • Universal Tracking DB
  • Cortex roles
  • xDB Index

CSL, CDPR: Supplementary or alternative system components and hosting for CRM, personal data, CDN, DAM, web analytics local to China

CSL, CDPR: Security assessment compliance and multi-level protection system based on the company’s information system grade

Also, highly recommend reading Sitecore's white paper on GDPR.



Comments

  1. Apex PrivacyApril 15, 2020 at 5:27 PM

    This information is meaningful and magnificent which you have shared here about the GDPR. I am impressed by the details that you have shared in this post and It reveals how nicely you understand this subject. I would like to thanks for sharing this article here. Online Data Protection Officer

    ReplyDelete
  2. Ana CyberJune 23, 2021 at 4:59 PM

    Thank you for sharing this news. Cyber security measures must be taken by individuals, and companies to protect their data, devices, networks, systems etc. from potential security threats and cyber attacks. Glad to come across this, great blog. Cyber crime investigator India

    ReplyDelete

Post a Comment

Popular posts from this blog

First look at Sitecore XM Cloud: Part 4 - Creating a new Site

Image
 Once you have successfully create an environment, you can go ahead and create your first site. In order to create a new Site, you need to launch the Sitecore Launchpad by clicking on the "XM Cloud Launchpad": Click on "Sites" menu to create a new Site: Click on "Add your first website" button to start the wizard. I chose the "Basic Site" template: Enter a Site name and pick a language and click on "Create website" button. You will see the following screen while your Site is being created: Once the Site is created, you can edit it in Pages or Explorer using the context menu: Explorer view of the Site: 1. "Details" view of page. 2. "Content" view of page: Unfortunately, trying to load the new Site in pages gives "Unable to connect to remote server"
Read more

RESOLVED: Solr Exceptions - Document contains at least one immense term in field

If you implemented Solr with Sitecore using Solr 5.x, you may run into the following error when indexing extremely large content in string fields: org.apache.solr.common.SolrException: Exception writing document id <xxxuniqueid> to the index; possible analysis error. Caused by: java.lang.IllegalArgumentException: Document contains at least one immense term in field="<xxxfieldname>" (whose UTF8 encoding is longer than the max length 32766), all of which were skipped. Please correct the analyzer to not produce such terms. The prefix of the first immense term is: '[10, 9, 9, 10, 32, 32, 32, 32, 32, 32, 82, 84, 82, 83, 32, 70, 97, 99, 105, 108, 105, 116, 121, 32, 10, 32, 32, 32, 32, 84]...', original message: bytes can be at most 32766 in length; got <intgreaterthan32766> Caused by: org.apache.lucene.util.BytesRefHash$MaxBytesLengthExceededException: bytes can be at most 32766 in length; got <intgreaterthan32766> This is due to the fa...
Read more

Is Rendered Item Valid XHtml Document Could not find schema information warnings during publish item Sitecore 7.2

Image
Note: Since we now live in the HTML5 world, the simple resolution to any XHtml validation errors is to remove the XHtml validation rules on  System->Settings->Validation Rules->Global Rules item. Sitecore should update it's validation rules to be relevant to HTML5. This make the rest of this post obsolete :). I created a simple approval workflow in Sitecore 7.5 and tried to approve an item for publishing and found a bunch of validation errors in the Validation Results. Most of them were related to the "Is Rendered Item Valid XHtml Document" section which looked like this: The problems were related to violations of the W3C HTML5 recommendation An important note here is: The element containing the character encoding declaration must be serialized completely within the first 1024 bytes of the document. Adding the following xmlns attribute to the Html tag fixed most of the errors: <html lang="en" xmlns="http://www.w3.org/1999/...
Read more