new-gdpr - Mobiloitte Blog

GDPR Compliance in Web Content Management Programs

According to Gartner, by May 2018, fewer than 20% of all organizations worldwide will fully comply with the EU’s GDPR. By 2020, at least 20% of organizations that deploy content services will face noncompliance with the GDPR, resulting in potentially heavy fines.

Web content management (WCM) combines various content and data for effective, personalized experiences. It uses personal data, which can be scattered across many repositories. Even though WCM vendors say their tools are compliant with the General Data Protection Regulation (GDPR), organizations still need to take care of compliance themselves.

Recommendations:

Application leaders who oversee web content management programs should:

  • Include WCM as part of the organization-wide GDPR compliance exercise.
  • Create an inventory of personal data, with clarity on how personal data is collected and processed and why it is being used.
  • Diligently check the actual capabilities your WCM provider offers to support GDPR compliance, and identify where your responsibilities lie.
  • Collaborate with your data protection officer in defining privacy policies and procedures.

GDPR requirements that specifically impact WCM programs include:

  • Data subject’s consent to share personal data
  • Data subject’s right to know when and how their personal data is being used
  • Data subject’s right to be “forgotten”
  • Timely notifications in the event of a personal data breach