Personalisation and PII

by James Derry

When content is “tuned” to the visitor based on implicit actions from that visitor, the record of their actions can constitute Personally Identifiable Information (PII) and is thus part of the GDPR Directive.

With 25th May looming, you will have probably assessed your client personal data flow, but have you thought about the impact of GDPR on personalisation and tracking data on your site?

The GDPR defines "personal data" as data "relating to any living individual who can be identified from that data" which covers the use of:

  • Cookies
  • IP addresses
  • Geo-location
  • Activity history

Sitecore is a Customer Engagement Platform whose core strength is identifying a visitor’s actions and dynamically personalising content on the site they are visiting. It does this by combining all these types of data and keeping a record in the xDB. This data constitutes PII, so as soon as your site starts to personalise with Sitecore xDB, this data is part of the GDPR directive.

So, one of the first actions that the directive requires is that you inform people of the data that you plan to collect, and the way that you plan to use it. Essentially this is a little like the “Cookie banner” that you see on many sites.

At Nemetos, we can help you to implement this new functionality that allows the visitor to effectively “turn off” personalisation (and cookies) or accept them to improve their experience.

Incidentally (and this is a small aside), explaining why you would want to personalise data or collect cookies is a worthwhile investment. As an example, this is a small video from The Guardian to explain "Why your data matters to us".

A further expectation of the Directive is to allow a person to demand the information that is held about them. This means that you need to know precisely what data is being collected, and you need to be able to present this back to the visitor in a readable format (assuming that the visitor can prove who they are - another small minefield). Nemetos can help you map the data that is collected, and then feed this back in a presentable format to the visitor based on correct authentication.

In the long term, the imminent ePrivacy Regulation will change the way companies will need to handle personalisation as these settings may be pushed up into the browser. We can work with you to handle the initial GDPR requirements and create a fully aligned approach, harnessing the intelligence of Sitecore 9 to identify browser settings and flag these up to users.

Why Nemetos?

Alongside your team, we can help you develop the necessary #CDR solutions, customised to give visitors to your site the opportunity to dictate the level of personalisation and related activities in a transparent and responsible way.

Our integrated solutions will allow you to continue to derive as much value as ever from the benefits of personalisation while reassuring visitors to your site that you handle data responsibly, enhancing customer trust.

If you have any questions about GDPR, developing a Corporate Data Responsibility program for your website or how to implement Sitecore 9 on your site, don’t hesitate to get in touch.

  1. Corporate Data Responsibility
  2. Personalisation and Personally Identifiable Information (PII)
  3. How to avoid a #DeleteFacebook debacle: CDR surfacing solutions

#CorporateDataResponsibility, #CDR, #GDPRcountdown

Join our Webinar: GDPR and Corporate Data Responsibility:

Practical steps to ensure your website is compliant.

Date: Wednesday 9th May 2018

Time: 10:00-10:45am GMT

Sign up for our webinar now