If you’re running a website, then you certainly have heard of General Data Protection Regulation. GDPR is becoming one of the hottest topics around, as companies try to figure out how to get their applications compliant and avoid paying their lawyer’s power bills for the next few years. CIOs are getting grilled left and right, and developers are being tasked with getting the company’s assets up to date. With many enterprises using a Content Management System(CMS) for their sites, a lot of questions are coming up as to what needs to be done and by whom. In this article, I’ll let you know what you need to look for from your CMS vendor to get your sites on the up and up, and keep your legal fees down.
GDPR is a big deal. And it’s certainly being discussed around conference rooms and water coolers throughout Europe and the rest of the world. Many companies are beginning to make the necessary changes to their systems to adhere to new laws. Others are, well, still in the “deer in the headlights” phase.
Regardless of which camp you are in, you need to know what to expect from your CMS vendor. As your trusted platform for your business, your CMS is at the core of your GDPR compliance journey. Are they prepared for the new laws? Are they giving you the tools you need? Let’s take a look at what you should expect from your CMS platform when it comes to the new regulations.
Prepared for GDPR
First and foremost, your CMS vendor should be well-versed in the ways of GDPR. They should have a deep understanding of the new regulations, the impact it has on user’s data, and what their responsibilities are for compliance. While most of the onus is on the implementation partner, vendors should still be aware of the challenges their customers (You) will face.
Because of the far-reaching aspects of the regulations, vendors need to know exactly how and where data is being stored within their systems. This means reviewing every bit of code within the platform, and documenting what is being stored and where. CMS vendors should be following the regulations closely, tracking any deadlines and dates. This information will be essential for their customers looking to shore up their sites security and get compliant.
The bottom line
Your CMS vendor should have updated documentation on GDPR, and time invested in researching and understanding the new regulations. They should fully understand how the new laws affect them as a software provider, as well as businesses who use their software.
Access to data
Once a CMS vendor identifies the data, they need to make sure their partners can get to it. Every company that implements a site with a CMS will need to be able to provide their users with access to their personal data, a full list of the information, and the ability export it to a number of formats. Getting to that data should be easy and straightforward, reducing the roadblocks a company will have in trying to adhere to the news rules. Prebuilt modules and utilities to get this data is a huge bonus, as anyone using the platform will need to comply.
The bottom line
Look for a CMS vendor that has easily viewable, open data repositories to help you become GDPR compliant. Ideally, they’ll have some pre-made utilities to help you view all your client’s data quickly, and the ability export them, if needed. Because much of the GDPR laws center around the user’s ability to control their information, expect your CMS vendor to provide the ability o get consents, adhere to data requests, and forget a user, if needed.
Customized solutions
Every business is different. The data you collect and store about your users can be as varied as a fingerprint, so a custom GDPR solution is always a possibility. If you’re leveraging a CMS, you will likely need to store specific information about your users, in a very unique way. While you don’t want to give up all the sweet data you collect on your users, GDPR can drastically alter how and when that data is stored. As you define your individual GDPR needs, you need to ensure your CMS is up to the task.
Nearly every CMS offers an Application Programming Interface (API) to develop with. When it comes to your user’s data, be sure your platform has GDPR-ready interfaces to help you create your solutions. This means the ability to log data quickly, but still ensure what you’re storing is compliant. A flexible and scalable API is key here, and will ease the burden of getting your sites up to code.
The bottom line
You CMS should be easily extendable with a robust API. The interface should be updated to help you continue to store data, while ensuring you adhere to the new rules. As stated before, the data should be easily accessible and enable you to implement whatever customizations needed for you to follow the laws, but keep your business productive.
A committed partner
There’s no magic switch to make your sites GDPR compliant. Because the new regulations are so exhaustive, it’s going to take plenty of time and planning to understand exactly what you’re going to need to do and when. And like with most jobs, many hands make for quick work. Having a trusted partner on your journey can lighten load, and make sure that nothing gets overlooked. Because your CMS vendor built the platform, they will be the most knowledgeable when it comes to what you’ll need to do to get things in order.
The bottom line
You made an investment to use a CMS. Make sure your CMS vendor has made an investment in you and your success. They need to be upfront with information and guidance. They should be knowledgeable about the new rules and regulations and provide detailed documentation. And above all, they need to be a good partner and ready to help you stay a satisfied and happy customer.
Moving forward
People invest a lot of time and money into choosing a CMS for their applications. Features and functionality aside, what’s most important is how well your organization can use the tool to achieve their goals. When it comes to GDPR, this is especially important as you will need every advantage you can get. In this article, I shared some key things to expect from your CMS vendor to help prepare you. It’s certainly not the end of the list, but a good starting point if you’re beginning your regulation compliance adventure. In the end, I hope your CMS is a great partner and you’re able to update set your sites up for success and a harmonious, GDPR-compliant future. Good luck!