magento · jeff-matthews · Dec 19, 2019 · Dec 6, 2019 · Dec 6, 2019 · Dec 6, 2019
diff --git a/src/_data/main-nav.yml b/src/_data/main-nav.yml
@@ -196,6 +196,10 @@
     - label: Checkout
       url: /howdoi/checkout/checkout_overview.html
 
+    - label: Compliance
+      url: /compliance/industry-compliance.html
+      versionless: true
+
     - label: Inventory Management
       url: /inventory/index.html
       exclude_versions: ['2.0', '2.1', '2.2']

diff --git a/src/_data/toc/compliance.yml b/src/_data/toc/compliance.yml
@@ -0,0 +1,26 @@
+label: Compliance
+pages:
+    - label: Industry Compliance
+      url: /compliance/industry-compliance.html
+      versionless: true
+      children:
+
+      - label: Privacy Regulations
+
+        children:
+
+        - label: CCPA
+          versionless: true
+          url: /compliance/privacy/ccpa.html
+
+        - label: GDPR
+          versionless: true
+          url: /compliance/privacy/gdpr.html
+
+        - label: PI Reference (M2.x)
+          versionless: true
+          url: /compliance/privacy/pi-data-reference-m2.html
+
+        - label: PI Reference (M1.x)
+          versionless: true
+          url: /compliance/privacy/pi-data-reference-m1.html
diff --git a/src/compliance/industry-compliance.md b/src/compliance/industry-compliance.md
@@ -0,0 +1,11 @@
+---
+group: compliance
+title: Industry Compliance
+---
+
+Merchants are obligated to meet industry guidelines for maintaining a secure environment, legal requirements in their jurisdiction, and best practices for online commerce. To learn more from a business perspective, see the [Industry Compliance](https://docs.magento.com/m2/ee/user_guide/stores/compliance-industry.html) section in the _Magento User Guide_.
+
+This compliance documentation provides the technical information to ensure that Magento Commerce installations comply with the requirements of specific privacy legislation. Some of these requirements require merchants to complete additional development work to achieve compliance. See the following topics for details:
+
+-  [California Consumer Privacy Act (CCPA)]({% link compliance/privacy/ccpa.md %})
+-  [General Data Protection Regulation (GDPR)]({% link compliance/privacy/gdpr.md %})
diff --git a/...cture/gdpr/backend-data-access-points.svg → ...ce/privacy/backend-data-access-points.svg b/...cture/gdpr/backend-data-access-points.svg → ...ce/privacy/backend-data-access-points.svg
diff --git a/...ecture/gdpr/backend-data-entry-points.svg → ...nce/privacy/backend-data-entry-points.svg b/...ecture/gdpr/backend-data-entry-points.svg → ...nce/privacy/backend-data-entry-points.svg
diff --git a/src/compliance/privacy/ccpa.md b/src/compliance/privacy/ccpa.md
@@ -0,0 +1,46 @@
+---
+group: compliance
+title: California Consumer Privacy Act
+---
+
+{:.bs-callout-info}
+This is one in a series of topics to help Magento merchants and developers understand the implications of the California Consumer Privacy Act (CCPA). The information is intended for informational purposes only and should not be construed as legal advice. Consult with your legal counsel to determine whether and how your business should comply with any legal obligations.
+
+The [California Consumer Privacy Act][1] (CCPA) expands the rights of consumers in California to determine how their personal information is collected, stored, and used, with an emphasis on protecting consumers from the unauthorized sale or exchange or their personal information. The CCPA was enacted in 2018 and is effective as of January 1, 2020.
+
+The CCPA grants the following new rights to consumers:
+
+-  **Right to know** the categories of personal information about them that was collected, used, shared, or sold in the past 12 months.
+-  **Right to delete** certain types of personal information that is held by a business and/or their service provider(s).
+-  **Right to opt out** of the sale of their personal information.
+-  **Right to non-discrimination** in terms of price or service for having exercised a privacy right under CCPA.
+
+## CCPA Compliance Guide
+
+Developing and implementing a CCPA compliance plan requires a coordinated effort. We encourage merchants to assemble a cross-functional team, and follow the roadmap outlined in [CCPA Compliance Guide][2] to bring their company into compliance with the regulation. As a developer, you might be invited to participate as a stakeholder with an emphasis on steps 2 - 5 of the process. See the [CCPA Compliance Guide][2] for more information.
+
+1. Assemble a cross-functional team to address CCPA compliance.
+
+1. **Take inventory of digital properties.**
+
+1. **Map the customer journey and data collection processes.**
+
+1. **Establish procedures and mechanisms to respond to customer requests.**
+
+1. **Write the content for the required CCPA customer notifications.**
+
+1. Review agreements with service providers.
+
+1. Update the privacy policy.
+
+1. Document all CCPA-related procedures and maintain records.
+
+## Personal Information Reference
+
+For technical information, see the data flow diagrams and database entity mappings in the Personal Information Reference that applies to each version of Magento that you support.
+
+-  [Personal Information Reference (Magento 2.x)]({% link compliance/privacy/pi-data-reference-m2.md %})
+-  [Personal Information Reference (Magento 1.x)]({% link compliance/privacy/pi-data-reference-m1.md %})
+
+[1]: https://oag.ca.gov/privacy/ccpa
+[2]: https://docs.magento.com/m2/ee/user_guide/stores/compliance-ccpa-guide.html
diff --git a/...ture/gdpr/frontend-data-access-points.svg → ...e/privacy/frontend-data-access-points.svg b/...ture/gdpr/frontend-data-access-points.svg → ...e/privacy/frontend-data-access-points.svg
diff --git a/...cture/gdpr/frontend-data-entry-points.svg → ...ce/privacy/frontend-data-entry-points.svg b/...cture/gdpr/frontend-data-entry-points.svg → ...ce/privacy/frontend-data-entry-points.svg
diff --git a/src/compliance/privacy/gdpr.md b/src/compliance/privacy/gdpr.md
@@ -0,0 +1,31 @@
+---
+group: compliance
+title: General Data Protection Regulation
+redirect_from:
+  - /guides/v2.3/architecture/gdpr/magento-2x.html
+  - /guides/v2.3/architecture/gdpr/magento-1x.html
+  - /guides/v2.2/architecture/gdpr/magento-2x.html
+  - /guides/v2.2/architecture/gdpr/magento-1x.html
+---
+
+{: .bs-callout-info}
+This is one in a series of topics to help Magento merchants and developers understand the implications of the General Data Protection Regulation (GDPR). The information is intended for informational purposes only and should not be construed as legal advice. Consult with your legal counsel to determine whether and how your business should comply with any legal obligations.
+
+The European Union (EU) enacted [General Data Protection Regulation](https://ec.europa.eu/info/law/law-topic/data-protection_en) (GDPR) to give its citizens more control over their personal data. GDPR applies to any organization operating within the EU. It also applies to organizations outside of the EU that offer goods or services to customers or businesses in the EU.
+
+System integrators can use the data flow diagrams and database information in the Personal Information Reference to build scripts to resolve use cases similar to the following:
+
+-  A shopper asks for a copy of the data the merchant has stored about her
+-  A shopper requests that all information about him be deleted
+
+## Personal Information Reference
+
+For technical information, see the data flow diagrams and database entity mappings in the Personal Information Reference that applies to each version of Magento that you support.
+
+-  [Personal Information Reference (Magento 2.x)]({% link compliance/privacy/pi-data-reference-m2.md %})
+-  [Personal Information Reference Magento 1.x)]({% link compliance/privacy/pi-data-reference-m1.md %})
+
+For more information about how Magento helps merchants comply with GDPR, see the following:
+
+-  [GDPR Compliance](https://docs.magento.com/m2/ee/user_guide/stores/compliance-gdpr.html)
+-  [Magento is Ready for GDPR](https://magento.com/gdpr)
diff --git a/...ides/v2.2/architecture/gdpr/magento-1x.md → ...ompliance/privacy/pi-data-reference-m1.md b/...ides/v2.2/architecture/gdpr/magento-1x.md → ...ompliance/privacy/pi-data-reference-m1.md
@@ -1,21 +1,19 @@
 ---
-group: architecture-guide
+group: compliance
+title: Personal Information Reference (Magento 1.x)
 ---
 
-# General Data Protection Regulation
+{: .bs-callout-info}
+This is one in a series of topics to help Magento merchants and developers prepare for compliance with privacy regulations. Consult with your legal counsel to determine whether and how your business should comply with any legal obligations.
 
-The European Union (EU) enacted [General Data Protection Regulation](https://www.eugdpr.org/) (GDPR) to give its citizens more control over their personal data. GDPR applies to any organization operating within the EU. It also applies to organizations outside of the EU that offer goods or services to customers or businesses in the EU.
+Use the following data flow diagrams and database entity mappings for reference when developing compliance programs for privacy regulations such as:
 
-We are publishing this compliance information to help our merchants and their system integrators with GDPR compliance. A system integrator can use the data flow diagrams and database information to build scripts to resolve use cases similar to the following:
-
-*  A shopper asks for a copy of the data the merchant has stored about her
-*  A shopper requests that all information about him be deleted
-
-See the corporate [Magento website](https://magento.com/gdpr) for more information about how Magento helps merchants comply with GDPR.
+-  [GDPR]({% link compliance/privacy/gdpr.md %})
+-  [CCPA]({% link compliance/privacy/ccpa.md %})
 
 ## Dataflow diagrams
 
-The data flow diagrams show the types of data that customers and administrators can enter and retrieve on the storefront and in Admin.
+The data flow diagrams show the types of data that customers and administrators can enter and retrieve on the storefront and Admin.
 
 ### Frontend data entry points
 
@@ -31,7 +29,7 @@ Magento loads customer information when the customer logs in and views several d
 
 ### Backend data entry points
 
-A merchant can enter customer, address, and payment information when using Admin to create a customer or order.
+A merchant can enter customer, address, and payment information from the Admin to create a customer or order.
 
 ![Backend data entry points](backend-data-entry-points.svg)
 
@@ -274,26 +272,26 @@ Table | Column | Data type
 
 Other tables that reference Customer:
 
-*  `catalog_compare_item`
-*  `downloadable_link_purchased`
-*  `enterprise_customerbalance`
-*  `enterprise_customersegment_customer`
-*  `enterprise_giftregistry_entity`
-*  `enterprise_reminder_rule_log`
-*  `enterprise_reward`
-*  `log_customer`
-*  `log_visitor_online`
-*  `oauth_token`
-*  `product_alert_price`
-*  `product_alert_stock`
-*  `report_compared_product_index`
-*  `report_viewed_product_index`
-*  `review_detail`
-*  `sales_billing_agreement`
-*  `sales_flat_shipment`
-*  `sales_recurring_profile`
-*  `salesrule_coupon_usage`
-*  `salesrule_customer`
-*  `tag`
-*  `tag_relation`
-*  `wishlist`
+-  `catalog_compare_item`
+-  `downloadable_link_purchased`
+-  `enterprise_customerbalance`
+-  `enterprise_customersegment_customer`
+-  `enterprise_giftregistry_entity`
+-  `enterprise_reminder_rule_log`
+-  `enterprise_reward`
+-  `log_customer`
+-  `log_visitor_online`
+-  `oauth_token`
+-  `product_alert_price`
+-  `product_alert_stock`
+-  `report_compared_product_index`
+-  `report_viewed_product_index`
+-  `review_detail`
+-  `sales_billing_agreement`
+-  `sales_flat_shipment`
+-  `sales_recurring_profile`
+-  `salesrule_coupon_usage`
+-  `salesrule_customer`
+-  `tag`
+-  `tag_relation`
+-  `wishlist`