Blog | Pimcore

Data Protection and GDPR with Pimcore | pimcore.com

Written by Christian Kemptner | Dec 5, 2017 11:00:00 PM

Pimcore provides several tools and settings to provide GDPR compliance for implementation providers and users.

GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states. The EU’s new General Data Protection Regulation (GDPR) takes effect on May 25, 2018. Why does this eventually affect Pimcore and Pimcore based solutions? Content and customer experience management solutions, such as Pimcore, play an essential role in delivering contextually relevant and personalized digital experiences. Such solutions need to track, store and process visitors' personal and behavioral data and therefore may be affected by this new regulation.

As Pimcore is a framework for delivering personalized experiences and not an out-of-the-box solution, the client, company, agency or software integrator implementing Pimcore must be aware of the GDPR and its consequences. As such, Pimcore does not give any consultation or legal advice, but provides comfortable tools to help to achieve GDPR compliance.

Which data is affected?

The GDPR defines personal data as any information relating to an identified or identifiable person. In short, any data that can help directly or indirectly identify a person. Names, identification numbers, email addresses, location data, IP/MAC addresses or other network identifiers are all examples of personal data that can directly identify a person. Online orders, behavioral data and so on, can indirectly identify a person.

Pimcore provides various tools to stay GDPR compliant. You can find them below.

1. Restriction of access to data

Restriction of data access is achieved with Pimcore’ s extensive permission system. It allows restricting the access, changing and deleting information based on user and role levels. For details have a look at our documentation about users and roles.

Another handy tool - the Permission Analyser - allows analyzing the actual permissions of a Pimcore user for a certain data element.


2. Right of access to data

For searching and exporting data related to a person, Pimcore provides the new GDPR Data Extractor tool, which is available with our latest build (December 5, 2017). Features included:

  • Search for data related to a person, based on first name, last name, and e-mail
  • Show a list of all data including additional details
  • Export all data as JSON
  • Delete personal data directly from the result list

For more information concerning configuration see your GDPR Data Extractor Development Docs.


3. Right to rectification & right to erasure

Pimcore supports the paradigm of single-source-publishing and delivering data to various output channels. All information and data are just stored in one single place and is reused in needed channels. Because of this paradigm, rectification of data is made very easy since it only needs to be done in one place. Once updated and published, the information is delegated to all places where it is used and Pimcore takes care of the rest.

Also in terms of erasure of information, Pimcore’ s single-source-publishing plays a vital role. Once a data element (e.g. data object) is deleted, Pimcore automatically cleans up all related data (e.g. versions, etc.) and updates the data in all places where it was used.

Know more: