With the GDPR law entering into effect just a month ago, many companies are still struggling with the requirements (or in some cases litigation !). A lot of them are trying to deal with the requirements by updating privacy policies, which seems like a minimal solution, but that might even be incomplete (right to be forgotten and data download still need to be available), while others have resorted to more extreme measures such as temporarily deactivating access to their website for EU residents.
At Jahia, we have been working on delivering products that help with the GDPR compliance for quite a while now, and we are even working on a OASIS standard for collecting and managing visitor data called the Context Server specification. This specification is in the final stage of redaction, mostly complete on a feature-side and offers interesting features such as a consent management API.
Along with the standard, its reference implementation is the Apache Unomi project, a true open source customer data platform that makes it possible to collect and manage visitor data. The server includes features that help make your solution GDPR compliant, although by no means is it fully sufficient since data collection and management under GDPR requirements is a full company effort, and cannot be managed by a single tool.
Apache Unomi is an API-first Java server, that exposes all it’s functionality through a REST API, but it will also be available under a GraphQL API when the CXS standard is finalized and fully implemented (because CXS is using a GraphQL API).
So what this means is that you can build Apache Unomi from source, deploy it and start using it is Consent API to manage visitor consents - including being able to change a consent at a later time ! (Apache Unomi will soon release a packaged version that contains the consent API but current binaries don’t include it yet so this is why you must build it from source).
This consent API makes it possible to remember the consents that visitors have accepted (or refused !) and the Apache Unomi rule system can be used to listen to consent changes and trigger any specific action you may want to do. For example you could build your own action to go delete some data in your CRM if a consent is refused. The sky and your imagination are the limits !
If you’re not interested in integrating an API but would prefer a UI and a full-blown digital experience management solution, I would recommend you give our Jahia DXP and Marketing Factory products a good hard look. They provide out of the box consent management along with personalization features that will help deliver powerful and impactful experiences while at the same time fulfilling most GDPR requirements (for example profile download or profile deletion are out of the box features !)