
Q: What is GDPR?

A: GDPR stands for General Data Protection Regulation and was approved by the EU Parliament. The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years! GDPR replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens' data privacy, and to reshape the way organizations across the region approach data privacy.

Q: Who is this for?

A: The GDPR not only applies to organizations located within the EU but it will also apply to organizations located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location.

Q: My company is in the UK. Does this relate to me?

A: Yes! This is not affected by Brexit, since the rules will come into force before the UK leaves the EU.

Q: Why should I care?

A: Starting from 25 May 2018 (enforcement date), all companies that hold or process personal data and do not comply with the GDPR can be fined. Organizations can be fined up to 4% of annual global turnover or €20 million for breaching GDPR. Yup, you read that right!

Q: What counts as personal data?

A: Any information related to a natural person that can be used to directly or indirectly identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.

Q: Is my Sitefinity site GDPR compliant?

A: There are several rules that make your website compliant with GDPR. Click here for a 60-second compliance check and see if you are breaching the new Regulation.

Below are the top questions to ask yourself, with recommendations, to check whether you are compliant:

  • Is your Sitefinity data encrypted?

Recommendation: You should ensure that data is always encrypted, including when it's in transit (e.g. while being uploaded).

In Sitefinity, the connection string is not encrypted by default, so the username and password are visible in plain text. Make sure to follow the official Progress KB article to encrypt this data.

Another important aspect is adding encryption to Sitefinity forms data. By default, forms data is stored in plain text in the database. Most likely, contact form submissions that have been saved to your website's database no longer need to be kept. Follow this blog post for more details on encrypting, and make sure to delete old form submissions from your database.

  • Do you encrypt personal data sent by email?

Recommendation: By default, emails sent through the Sitefinity Notification Service are not encrypted. If you are planning to send personal data via email, you need to take care of the encryption yourself.

  • Do you respect your users?

If an individual asks you to remove their data from your systems, you have to comply. This includes all backups, all references to the data, etc.

Recommendation: Remember to clear the revision history in Sitefinity if needed. Read more here on how to control the revision history for pages in Sitefinity.

  • Do you have a data protection policy page that helps your users understand how to keep personal data secure?

A big part of GDPR is communicating to your users how and why you're collecting and using their data. Prepare a privacy policy page for your website and list all of this there.

Q: My site is not storing any personal data but we have integrations with Salesforce, Dropbox, MailChimp, etc. Is this a problem?

A: The GDPR would call these systems third-party data processors, as they process data on your behalf. US companies should also be Privacy Shield compliant. Most US companies will work on GDPR compliance (or have already started). If the third party is not yet compliant with GDPR or Privacy Shield, contact them and find out when they plan on becoming compliant.

Q: Need help! My Sitefinity site is not GDPR compliant.

A: We are here to help! Drop us a line at
