
GDPR checklist

A Quick Check for Compliance

With GDPR in full effect, we wanted to provide a simple checklist for you to make sure your Scrivito projects are compliant. When using the Example App as the basis for your project, there are several features built in to help. Additionally, as Scrivito is an EU-based company, we work to provide GDPR-compliant products for our customers and assist where we can.

What is GDPR? In a nutshell, if you track or collect data from visitors to your website and they are in the EU, you need to collect the data in a GDPR-compliant way. There are three main points to these requirements: explicit consent, right to access, and right to be forgotten. Further, personally identifiable information (PII) of EU citizens must be stored in the EU. GDPR is a complex topic, and we are only scratching the surface here, so it is recommended to discuss your specific requirements and liabilities with a qualified data protection officer or lawyer.

Explicit consent – Requires capturing consent to track and store data about a user or visitor.

Right to access – Captured data needs to be accessible within 30 days of request in a machine-readable format.

Right to be forgotten – Captured data must be completely deleted within 30 days of request.

Scrivito.com checklist

GDPR requirement

scrivito.com

Explicit consent

Right to access

Right to be forgotten

Form content

Custom 3rd-party integrations

Custom widgets that collect or track data

Scrivito example app checklist

GDPR requirement

Scrivito Example App

Explicit consent

Right to access

Right to be forgotten

Form content and other user generated data

Implementation-dependent¹

The Example App is designed to be GDPR compliant by default. When adding tracking or data capturing features to the Example App, you should also activate the cookie consent feature by adding a link to your privacy policy in the site settings of the homepage. The functionality was designed for the features included in the Example App. Should you add custom features that require tracking to your project, additional steps should be followed to include the new features in the consent policy.

¹ The forms in the Example App all have a consent field which, when activated, is required for form submission. The consent text is sent as part of the form data so it can be tracked with the user's data in case of a GDPR audit. Additionally, the contact form can be customized to store data to whichever backend you choose; that backend needs to be GDPR compliant. By default, as an example implementation, our widget utilizes Netlify Forms, which might require a data processing agreement (DPA) between you and Netlify because they also store data in the US.

Your checklist

GDPR requirement

Your web app

Explicit consent

Right to access

Right to be forgotten

Form content

Custom 3rd-party integrations

Custom widgets that collect or track data

Additional information about how Scrivito helps you to be GDPR compliant can be found in our compliance documentation and terms of service.
