GDPR and ExpressionEngine¶
ExpressionEngine has tools to make compliance with regulations like the GDPR (external link) easy to comply with. GDPR (General Data Protection Regulation) has four main prongs: consent, record of processing, portability, and right to be forgotten. ExpressionEngine makes it easy to comply with these regulations, with infinite flexibility to also accommodate any regional or internal data privacy policies as well.
The biggest and most important aspect of GDPR is gaining user consent for processing their Personally Identifiable Information (PII), letting them easily withdraw consent, and only processing PII that the user has consented to. ExpessionEngine makes it easy to gain and manage user consent for any activity you can possibly imagine.
Add-ons may also have consent requests, and you can also make any Consent Requests you need. Some common examples might be a “Terms of Service” consent, or permission to use member’s email addresses for marketing purposes. To create any consent you can imagine, visit the Consents Settings. Then simply use the Consent tags to manage user consent and Consent Variables in your templates to act upon them.
ExpressionEngine records an audit log of all consents granted or withdrawn by a user. This is maintained indefinitely. If you ever need to prove or report an individual’s granting or withdrawl of consent, just visit your Consent Logs.
ExpressionEngine’s simple templating and flexible tags have always made data portability a menial task. You can simply construct a template to output any data you desire, in any format you want (HTML, XML, CSV, etc.). Since every ExpressionEngine site is different, and your content is wholly under your control, it is your responsibility to build any such templates—should you need them—to easily export data for visitors.
ExpressionEngine gives you two options as a site administrator to handle a user’s request to be forgotten. The first is quick and simple: delete them! 🚮
However, there are circumstances where you need to retain content or other records, while satisfying the user’s request to be forgotten. For example, if you are engaged in e-commerce, your sales records may need to be retained, while eliminating any PII for the user who made the purchase. In this and other situations where the data the user supplied is no longer needed for its original purpose, but content or administrative records need to be retained, you can Anonymize the member’s record.
Anonymization gets rid of any PII for the member record, but under the hood maintains the database connections necessary for member-dependent records to continue to be accessible. To anonymize a member’s record, visit the Member’s profile in the control panel, and click “Anonymize Member Record”.