EXM and GDPR in practice

In previous articles we covered GDPR in Sitecore in general and how to deal with it in Sitecore 9 Forms and WFFM Module. This time we’ll take a look at possible GDPR issues you may find in your implementation of EXM module in Sitecore 8.2.

Personal Data in EXM

You can find recipients personal data in EXM in “Preview email” feature, while creating email design in Email Experience Manager application:

This data is typically taken from list created in List Manager application. More precisely it’s loaded from sitecore_analytics_index (check previous post for dealing with personal data in List Manager).

After sending emails via EXM, it’s possible to check reports of the campaign in Email Experience Manager application. There you can find personal data of the recipients, which for example clicked on the links in email:

Data for the opening links from emails and for the other EXM related events is stored in Interactions collection in Analytics database (under Pages.PageEvents node). Mind that some events may contain additional personal data in the “Data” element.

This data is additionally saved in sitecore_analytics_index, e.g. the report you see above is using this index to display “Open and click rates”:

There is one more place in Interactions collection where you may find personal data, under Pages.CustomValues.SCExmHolder.ExmCustomValues node EXM saves recipient email address:

If you send email via EXM, Sitecore automatically creates engagement plan under /sitecore/system/Marketing Control Panel/Engagement Plans/Email Campaign/Emails for your email campaign. In Analytics database there will be new entries, containing recipients email address, in AutomationStates collection under CustomValues.ScExm.Email:

Summary:

Basically you can use all I described in previous article about GDPR in Sitecore for implementing user rights (right to be forgotten, data portability) and restricting access to EXM back-office. When the user subscribes to mailing list, this relationship is stored in Analytics database in Contacts collection, under Tags.Entities.ContactLists node, so remember to handle this data properly when you want to remove or export it for the user.

When removing entries from Analytics database in MongoDB and analytics index you can use custom code I described in previous post. There is one issue which you need to solve: when removing data from database you can use ContactId Guid to identify interactions for given user and then remove EXM related events, containing personal data (you will find list of them in sitecore content tree under /sitecore/system/Settings/Analytics/Page Events/EXM). But to remove those events from sitecore_analytics_index you need to use Sitecore.ContentSearch API to search and remove documents. It’s because they are not connected directly with Contact entity, but with Interactions (via InterationId), so first you need to find all the interactions and then remove EXM events for them.

After you anonymize contacts you should unsubscribe them from mailing list (you do it, by removing Tags.Entities.ContactLists node in MongoDb and related documents from sitecore_analytics_index), also you can update recipients count in the list items, to keep your data consistent. You can do it by using ListManager<TContactList, TContactData> class.

 

References

Configure Sitecore Email Cloud to comply with EU GDPR  https://kb.sitecore.net/articles/947205