The European Union's General Data Protection Regulation on data privacy rights takes effect as of May 2018. For further information see the GDPR page at the Adobe Privacy Center.
See AEM GDPR Readiness for further details.
In our out-of-the-box Commerce integrations, AEM is the experience layer, consuming services and sending data back to the customer commerce platform that runs in a headless mode.
For some commerce platforms, we store profile information (/home/users) and commerce tokens (to login in the commerce platform) in AEM. For these use cases, please read Handling GDPR Requests for the AEM Platform.
For the Salesforces Commerce Cloud integration, AEM Commerce does not store any GDPR relevant information. You should forward the request to the Salesforce Cloud.
For the hybris and IBM WebSphere integrations, there is some data in AEM. You should use the AEM Platform GDPR instructions and consider these questions:
- Where is my data stored/used? Cached user profile information such as name, commerce user identifier, token, password, address data, and so on is shown from AEM.
- With whom do I share the covered GDPR data? Any update of GDPR relevant data in AEM Commerce does not get stored (except relevant profile information, as mentionned above) but is proxied back to the commerce platform.
- How to delete my user data? Delete the user profile in AEM and invoke the user deletion on the commerce platform.