GDPR is used as an example in the sections below, but the details covered are applicable to all data protection and privacy regulations; such as GDPR, CCPA etc.
The European Union’s General Data Protection Regulation on data privacy rights takes effect as of May 2018. For further information see the GDPR page at the Adobe Privacy Center.
See AEM GDPR Readiness for further details.
In our out-of-the-box Commerce integrations, AEM is the experience layer, consuming services and sending data back to the customer commerce platform that runs in a headless mode.
For some commerce platforms, we store profile information (
/home/users) and commerce tokens (to login in the commerce platform) in AEM. For these use cases, please read Handling GDPR Requests for the AEM Platform.
For the Salesforces Commerce Cloud integration, AEM Commerce does not store any GDPR relevant information. You should forward the request to the Salesforce Cloud.
For the hybris and IBM WebSphere integrations, there is some data in AEM. You should use the AEM Platform GDPR instructions and consider these questions:
Have a look at the hybris wiki or the Websphere Commerce documentation if required.