GDPR documents

GDPR checklist

A Quick Check for Compliance

With GDPR in full effect, we wanted to provide a simple checklist for you to make sure your Scrivito projects are compliant. When using the Example App as the basis for your project, there are several features built in to help. Additionally, as Scrivito is an EU-based company, we work to provide GDPR-compliant products for our customers and assist where we can.

What is GDPR? In a nutshell, if you track or collect data from visitors to your website and they are in the EU, you need to collect the data in a GDPR-compliant way. There are three main points to these requirements: explicit consent, right to access, and right to be forgotten. Further, personally identifiable information (PII) of EU citizens must be stored in the EU. GDPR is a complex topic, and we are only scratching the surface here, so it is recommended to discuss your specific requirements and liabilities with a qualified data protection officer or lawyer.

  • Explicit consent: Requires capturing consent to track and store data about a user or visitor
  • Right to access: Captured data needs to be accessible within 30 days of request in a machine-readable format
  • Right to be forgotten: Captured data must be completely deleted within 30 days of request

[Image: Scrivito GDPR checklist]

Scrivito Example App Checklist

[Image: Scrivito example app GDPR checklist]

The Example App is designed to be GDPR compliant by default. When adding tracking or data capturing features to the Example App, you should also activate the cookie consent feature by adding a link to your privacy policy in the site settings of the homepage. The functionality was designed for the features included in the Example App. Should you add custom features that require tracking to your project, additional steps should be followed to include the new features in the consent policy.

1. The forms in the Example App all have a consent field which, when activated, is required for form submission. The consent text is sent as part of the form data so it can be tracked with the user's data in case of a GDPR audit. Additionally, the contact form can be customized to store data to whichever backend you choose, which needs to be GDPR compliant. By default, as an example implementation, our widget utilizes Netlify Forms, which might require a data processing agreement (DPA) between you and Netlify because they also store data in the US.

Your GDPR Checklist

[Image: GDPR checklist]

Additional information about how Scrivito helps you to be GDPR compliant can be found in our compliance documentation and terms of service.

Scrivito CMS: the content hub for your websites and apps

Scrivito CMS is our complete enterprise solution for next-generation digital experience platforms, websites and web applications. As software as a service, Scrivito requires no IT maintenance. The content management system is extremely flexible and meets the highest security standards.