GDPR: 4 Key Questions to Ask Your CMS Vendor

GDPR: 4 Key Questions to Ask Your CMS Vendor

Mar 27, 2018
GDPR: 4 Key Questions to Ask Your CMS Vendor

By now, the term GDPR is probably sending shivers down your spine and keeping you up at night. It’s kind of a big deal. Here are some key questions to ask about your CMS vendor that will help get your sites on the up and up, and keep your legal fees down.

If you’ve got a website, then you’ll already be working out how to make it compliant with the General Data Protection Regulation (GDPR) which comes into effect on May 25, 2018. That, or contemplating paying for all your lawyer’s vacations for the considerable future!

Assuming you’re going for the less-expensive (though somehow more daunting) former, then your CIOs are scheduling time to breathe amongst constant questions around the regulation, and your developers are up with the sun getting the company’s assets ready and up to date. There’s not a work kitchen, office foosball corner, or conference room in the world whose walls don’t already echo with the term GDPR. And with good reason; it’s a big deal.

Some companies are scurrying around, desperately working out all the ways in which it affects their business and scrambling to get things in place; others are stuck in the “deer in the headlights” stage, feeling somewhat overwhelmed by the huge changes that need to take place and not knowing where to start.

Well, a smart place to start is at the core of it all; your CMS.

Is Your Vendor GDPR Savvy?

You want to be able to trust that not just your CMS, but your CMS vendor has got your back when it comes to GDPR compliance.

Do they have a deep understanding of what impact the new regulation will have on users’ data? Are they aware of their own responsibility when it comes to data stored in their systems? Do they fully appreciate the challenges their customers are facing?

Your vendor should have reviewed every morsel of code within the platform and know exactly how and where data is stored in their systems. They should be eminently up to date and researched on all aspects of the regulation and aware of all deadlines and dates. They should also be supporting you in your own compliance by delivering tools that deal specifically with GDPR-related activities.

The bottom line

Your CMS vendor should understand the implications of GDPR fully, both from the perspective of a software provider, as well as that of a business using their software.

Is Your CMS GDPR Ready?

Just as your CMS vendor will have to ensure their partners can access and export all personal data held about them, and those partners need to ensure their customers can do the same with theirs, so too do you with yours. At any time, a user can ask to see a complete list of all personal data held about them, to be sent the data, for some data to be removed, or for their entire profile to be deleted completely.

Your CMS should support you in this element of compliance by reducing roadblocks and providing the tools you need.

Look for a platform that comes with open data repositories and prebuilt modules and utilities that help you view all your users’ data quickly and to export it if needed. You should expect your CMS to provide the ability to gather different consents, adhere to data requests, and respond to a user’s right to be forgotten quickly and easily.

The bottom line

Every element of your compliance should have been considered by your CMS vendor and their software should provide useful and easy-to-use tools to help you succeed.

Will the System Support Your Individual Needs?

No two businesses are alike. The data your business collects and stores about your users may be completely different from the one next door. So, GDPR will affect your business in a unique way.

Just as your system should support you in how you store and access data, it should also support your uniqueness in relation to the regulation.

Though most CMSs comes with an Application Programming Interface (API), you’ll want to check that your interface is robust, flexible, scalable, and GDPR ready so that you can log data quickly but simultaneously ensure the data stored is compliant. The GDPR tools and readiness of your CMS shouldn’t get in your way, but should rather enable all the customization you could need to keep business flowing while following the rules.

The bottom line

GDPR compliance is going to be different for every business and your CMS should support that by being highly GDPR customizable.

Can You Count On Your Vendor?

With the new regulations being so comprehensive, it will take time, research, and planning to fully understand them and respond appropriately. Not to mention patience and some stress-relieving activities. You might even need a little help from your friends.

And when it comes to your CMS, no one knows the platform like the vendor. So they should be providing you with all the information and guidelines you need to start making the journey towards compliance and helping you get all your ducks in a row. Detailed documentation should be free-flowing.

Having a trusted partner at your side can lighten the load and help make sure nothing is overlooked.

The bottom line

Make sure your CMS vendor is investing in your success by doing their upmost to help you get compliant.

Onward and Upward

Choosing a CMS is no easy thing. It’s the beating heart of your organization and needs to meet your very individual demands while helping you achieve your goals. And this means a hell of a lot more than providing an impressive list of features and functionality.

Your CMS has to support your success—whatever that looks like. So you’ll want as CMS that allows you do all the amazing things you already do but helps you do it in a GDPR-compliant way. And you’ll want a vendor you can trust. Take every advantage you can get as you make this transition. 

In this article, I have shared some key questions to ask about your CMS vendor as you start getting GDPR prepared. It certainly doesn’t cover all the questions, but should be useful as you begin your regulation compliance adventure.

I hope your CMS vendor is a great partner and that you’re able to set your sites up for a successful and harmonious GDPR-compliant future.

Best of luck!

Please don’t forget to comment on your thoughts about GDPR readiness below. And check out how Kentico 11’s Data Protection app can help you place GDPR-compliance at the heart of your tech stack.

More by this author

We're sorry, but your browser is currently not supported. Try using our website in other browsers like the new Microsoft Edge, Google Chrome, or Mozilla Firefox.
Should you have any query or want to report any issue, feel free to send us an email to