Our Kit CMS and GDPR

How KIT, Our CMS, Complies With GDPR Legal Requirements

We have been busy getting our CMS product, Kit, to become GDPR-compliant.  Over the last year or so, we have remodelled much of our core code so that the privacy of users on the site has become central to the way that we design and code going forward.

Right to erasure

This module will allow you to easily delete a user whilst retaining important information such as orders. The following example shows the difference before and after the change.


Before the code change, it was not possible to delete a customer who had ordered a product from your site.  Thus, your only possible action was to make their user account inactive. However, if the website suffered a data breach at a future date, that user’s data would be exposed.


The Right to Forget module allows you to delete a user, along with their associated log and audit records, whilst retaining the order (the order is essentially attributed to no one).  Thus, if the site should suffer a data breach in the future, that user will not be found.

Right to be informed (data breach)

In the event of a data breach, you will need to contact the people affected and the Information Commissioners Office within 72 hours.  We would work with you closely to identify the scope of the breach and to prevent future access.  As such, we are asking all of our customers to appoint a Data Commissioner and to provide us with their details so that we could contact them in the event of an emergency.  

Independent of our actions, your Data Commissioner will be able to easily download a CSV file of all active users on the site and use this to easily contact all affected people. 

As our KIT sites do not store card details, harmful data is somewhat minimised.  Passwords are stored in an encrypted and salted format.  Our help site will provide you with suggested wording to use in the event that you need to carry out this task.

Auto Opt-In

This has been disabled by default so that all KIT-based sites using a mailing list can become compliant.  We may need to still work with you to modify wording on your subscription forms or to unbundle consent into separate items if needed.

A graphical guide to GDPR

GDPR guide for CMS Kit by Kontrolit

Not sure what service you need?

Give us a call on 01935 434734 or email us at hello@kontrolit.net and one of our team members will be happy to help.
Alternatively, click on the button below to fill out a contact form and we will get back to you on your preferred contact method.

Get In Touch