During our work with GDPR we discovered ways in which we could support our customers with their GDPR compliance journey, making things just a tad simpler in regard to keep track and control their data collection and user data access. This lead to implementations in the Umbraco CMS and Umbraco Forms. Implementations that are to be found in all Umbraco versions starting from Umbraco version 7.9.0 and Forms 7.0.0 - and as part of all Umbraco 8 releases.
These built-in features won’t automatically make you GDPR compliant. You have to do your own research and keep track of what exactly you need to set up and document in order to be compliant. But they do indeed make it simpler for you to keep track and control your data collection and user data access in Umbraco.
Built-in support for your GDPR compliance journey
Since Umbraco version 7.9.0, you get:
- General API for "logging of consent". This provides a simple way of registering that a person has given consent of any given action. This will allow for reporting and querying of an audit trail for consent for a person/action
- More detailed logging of user actions in the backoffice. The GDPR requires it to be possible to find out who has done what. For instance: "User X has given User Y permission to section Z"
- The ability to mark Members as 'sensitive'. If these are marked as sensitive, the values will not be displayed in the back office to any user unless they are part of a User Group that has been flagged to be able to read sensitive data
- The ability to export a member's saved data as a file. In the action menu on each member you can now export a file with all data stored for that particular member
Since Umbraco Forms version 7.0.0, you get:
- The ability to mark Form fields as 'sensitive' to hide them from certain types of backoffice users
- Forms will have an option to not store values at all in its default data store which will allow developers to use the Form’s workflows to store the form data in their own custom data store
We'll continue our focus on data privacy and protection going forward, and we'll implement best practices where necessary in future releases to make sure it gets simpler for all of us to stay compliant and take proper care of our client’s data in Umbraco.