Optimizely Content Management System
Describes GDPR guidelines for Optimizely Content Management System (CMS).
Collect data
Optimizely Content Management System (CMS) Core logs system activities such as events and system errors.
Note
From CMS Core 11.4.0, log files do not include any Personally Identifiable Information (PII), such as usernames or IP addresses. See Write log messages for logging configuration in CMS 12.
Ask for consent for audiences
Audiences (also known as visitor groups) provide a means to personalize content. You can turn off audiences per request to reflect the brand's privacy policy and consent. One option is to react to “do not track” headers, but you should customize this to fit the brand's privacy policy. Some built-in audiences collect data using cookies with a limited lifetime, but nothing personally identifiable is stored centrally by default, which is the recommended pattern. If you track and store PII using custom visitor group criteria, ensure you have consent first.
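The following is an added example, not code from Optimizely or from this documentation, of the "turn off audiences per request" pattern described above. A small ASP.NET Core middleware decides once per request whether audience evaluation may use tracking data, based on the browser's "DNT: 1" and "Sec-GPC: 1" signals and a consent cookie whose name and value format (`privacy_consent`, `tracking=yes`) are assumptions to adapt to your consent manager. The decision is stored in `HttpContext.Items`, where your own visitor group criteria can consult it and report "no match" when tracking is not allowed.

```csharp
// Added example (not Optimizely's own code): per-request tracking-consent decision
// for audience (visitor group) evaluation. A "do not track" style signal always wins;
// otherwise an explicit opt-in cookie is required (cookie name/value are assumptions).
using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Primitives;

public static class TrackingConsent
{
    // Key under which the per-request decision is stored in HttpContext.Items.
    public const string ItemKey = "TrackingConsent.Allowed";

    // Name of the consent cookie; assumption, adapt to your consent manager.
    public const string ConsentCookieName = "privacy_consent";

    // Pure decision function so the policy can be unit tested without an HttpContext.
    public static bool IsTrackingAllowed(string? dntHeader, string? gpcHeader, string? consentCookie)
    {
        if (string.Equals(dntHeader?.Trim(), "1", StringComparison.Ordinal)) return false;
        if (string.Equals(gpcHeader?.Trim(), "1", StringComparison.Ordinal)) return false;
        return string.Equals(consentCookie?.Trim(), "tracking=yes", StringComparison.OrdinalIgnoreCase);
    }

    // Read the decision made by the middleware; defaults to "not allowed" if absent.
    public static bool IsAllowed(HttpContext context) =>
        context.Items.TryGetValue(ItemKey, out var value) && value is true;
}

public sealed class TrackingConsentMiddleware
{
    private readonly RequestDelegate _next;
    public TrackingConsentMiddleware(RequestDelegate next) => _next = next;

    public async Task InvokeAsync(HttpContext context)
    {
        context.Request.Headers.TryGetValue("DNT", out StringValues dnt);
        context.Request.Headers.TryGetValue("Sec-GPC", out StringValues gpc);
        context.Request.Cookies.TryGetValue(TrackingConsent.ConsentCookieName, out var consent);

        // Decide once per request; downstream personalization reads this flag.
        context.Items[TrackingConsent.ItemKey] =
            TrackingConsent.IsTrackingAllowed(dnt.ToString(), gpc.ToString(), consent);

        await _next(context);
    }
}

public static class TrackingConsentMiddlewareExtensions
{
    // Register early in the pipeline, before any personalization runs:
    //   app.UseTrackingConsent();
    public static IApplicationBuilder UseTrackingConsent(this IApplicationBuilder app) =>
        app.UseMiddleware<TrackingConsentMiddleware>();
}
```

In a custom visitor group criterion, check `TrackingConsent.IsAllowed(httpContext)` before reading any cookie or request data and return no match when it is false; with no consent, a request is simply served the non-personalized content. The header names `DNT` and `Sec-GPC` are standard browser signals; how you map them to your brand's policy is the customization the text above refers to.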
Store data
See also Store data and Data guidelines.
DXP Secure data
Optimizely Digital Experience Platform (DXP) secures access to stored PII in several ways. Content stored in DXP is encrypted at rest, access to the underlying storage technologies and infrastructure is restricted to Optimizely personnel, and access to the website is secured through the included Web Application Firewall. Most vulnerabilities are found in the application layer, so you should run regular scans of your sites using the optional Web Vulnerability Scanner or a similar technology of your choice.
CMS Secure data
CMS relies on SQL servers for most of its storage needs, so you should restrict access to SQL servers and use the built-in encryption capabilities to protect PII data at rest.
CMS Profiles
The built-in profile system does not track PII by default but can be used that way. If you choose to store PII in the profile system, ensure the underlying storage is appropriately protected (encryption, regular vulnerability scanning, and so on) and users represented by the profiles explicitly give that consent.
Fetch data
CMS Profiles
The profile system provides the ability to query and update profiles.
CMS audiences
Unless you have added your own or third-party visitor group criteria, you should not have any PII collected by audiences, so there is no data to correct or query here. The visitor can delete anything stored in cookies by clearing cookies.
See also Fetch and update data.
Delete data
DXP
Data deleted from the underlying storage is deallocated and physically deleted through NIST-certified methods. Deallocated data is physically deleted within at most 180 days.
See also Delete data.
Best practices
You should follow these guidelines to enjoy the best experience with CMS.
Set up
- You must handle PII obfuscation and follow data anonymization practices. This includes when a database is copied from production to lower environments.
- If used, you must update any scripts, especially if you upgrade between PaaS versions.
Manage SQL scripts and data
- Consider moving any SQL script to a Scheduled Job. The scripts are in source control, and you can update them along with product updates.
- This Scheduled Job must never run in a Production environment, so a hard-coded condition based on an environment variable needs to be in place.
- The Scheduled Job can be set to run daily on Integration and Preproduction to ensure that PII data is obfuscated whenever possible.
- Review the notifications in Integration and Preproduction. If you can, disable sending notifications from the lower environments with a flag and only enable the flag during testing the notification feature.
- In addition, you may want to control who has the power user role in Optimizely's PaaS Portal, because power users can export and download the production database. Customer developers may need to ensure that a copy of the production database on their local machine has its PII data obfuscated before starting the local site.
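As an added example (not Optimizely's or any project's own code) of the Scheduled Job approach in the list above: a job that obfuscates PII in a custom table and refuses to run in Production. The guard reads `IWebHostEnvironment.EnvironmentName`, which this example assumes is set (for instance through `ASPNETCORE_ENVIRONMENT`) to `Integration`, `Preproduction` or `Production`; the table `dbo.CustomerProfile` and its columns are placeholders for wherever your solution stores PII, and the GUID must be replaced by one you generate.

```csharp
// Added example (not Optimizely's own code): environment-guarded PII obfuscation job.
// Assumptions: EnvironmentName carries the DXP environment name; dbo.CustomerProfile
// and its columns are placeholders; "EPiServerDB" is the CMS connection string name.
using System;
using EPiServer.PlugIn;
using EPiServer.Scheduler;
using Microsoft.AspNetCore.Hosting;
using Microsoft.Data.SqlClient;
using Microsoft.Extensions.Configuration;

[ScheduledPlugIn(DisplayName = "Obfuscate PII in lower environments",
    GUID = "00000000-0000-0000-0000-000000000000")]   // placeholder GUID; generate your own
public class ObfuscatePiiJob : ScheduledJobBase
{
    private readonly IWebHostEnvironment _env;
    private readonly string _connectionString;

    public ObfuscatePiiJob(IWebHostEnvironment env, IConfiguration configuration)
    {
        _env = env;
        _connectionString = configuration.GetConnectionString("EPiServerDB");
    }

    // Hard-coded guard: real customer data in Production is never touched by this job.
    public static bool MayRunIn(string environmentName) =>
        !string.Equals(environmentName, "Production", StringComparison.OrdinalIgnoreCase);

    public override string Execute()
    {
        if (!MayRunIn(_env.EnvironmentName))
            return $"Refused to run in '{_env.EnvironmentName}'.";

        // Replacement values are derived from the row's own key, so the result is
        // deterministic and still unique per row. The statement takes no user input,
        // so there is nothing to parameterize; keep it that way if you extend it.
        const string sql = @"
            UPDATE dbo.CustomerProfile
            SET    Email     = CONCAT('user', CustomerId, '@example.invalid'),
                   FullName  = CONCAT('Customer ', CustomerId),
                   Phone     = NULL,
                   IpAddress = NULL;";

        using var connection = new SqlConnection(_connectionString);
        using var command = new SqlCommand(sql, connection);
        connection.Open();
        var rows = command.ExecuteNonQuery();
        return $"Obfuscated {rows} rows in '{_env.EnvironmentName}'.";
    }
}
```

Because the job lives in source control alongside the site, it is upgraded together with the product and does not drift the way ad-hoc SQL scripts do. Schedule it daily on Integration and Preproduction; the `MayRunIn` check is what makes an accidental run in Production a no-op rather than a data loss incident.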
General reminder
If you contact Optimizely Support, be aware that the Optimizely team can run scripts for you, but they do not have access to your custom code and database tables. While the scripts may run, the Support team cannot debug or validate the intended outcome of running the script (anonymization, deletion, and so on).
Optimizely accepts no responsibility for scripts that are run but do not achieve the intended outcome.