[Note: This post originally appeared as exclusive content on Kentico.com.]
Ever since the General Data Protection Regulation (GDPR) was approved by the European Union in 2016, data privacy has dominated the attention of our industry. Even with all this attention, a recent survey by the International Association of Privacy Professionals (IAPP) suggests that fewer than 50% of affected organizations are GDPR compliant.
In addition, many companies have been slow to address data privacy issues because they do not fall under the scope of GDPR – perhaps they do not do business in European markets. However, the California Consumer Privacy Act (CCPA), set to take effect next year, has renewed attention on data privacy and will affect many U.S. companies that may have escaped the scope of GDPR. Even if a company does not fall under the scope of GDPR or CCPA, the writing is on the wall. Whether by future legislation, litigation, or the ability to do business with other companies, everyone will eventually need to face the consequences of data privacy regulations.
Fortunately, Kentico quickly addressed these regulations by creating the Data Protection application that shipped as part of Kentico 11, including features for tracking user consents, fulfilling personal data requests, and managing erasure requests. However, even with Kentico’s powerful features, compliance doesn’t come out of the box. The simplest scenario imaginable – an organization’s use of personal data that stays within the walls of Kentico – still requires some custom development, the creation of formal policies and procedures, and employee training. In fact, the biggest impacts to data privacy go far beyond the scope of a specific platform, creating deep organizational and integration challenges.
In this article, I’ll dive more deeply into these challenges you need to consider as a developer…