The GDPR: Right to Erasure Requests

Written by Allen Snook on May 16, 2018 Blog, Getting ready for the GDPR.

Sometimes. a customer wants to remove their digital footprint from the Internet. Maybe they were the victim of identity theft, suffered online harassment, or just want reduce their online presence. Whatever the reason, store owners who collect data from EU residents can expect to receive “Right to Erasure” requests under the GDPR.

As with Right of Access requests, the data a person can expect to be erased includes the obvious — name, address, phone number — and the less obvious, like tracking numbers and VAT IDs. 

One significant difference is that Right to Erasure requests are more like a right to request erasure. As a business owner, you probably need to keep some data for a limited time to comply with contractual obligations and protect yourself, like keeping tracking IDs to defend against shipping disputes or keeping VAT information for tax audits. Before you get your first request, it’s important to know what personal customer data you need to store, and to include this in your privacy policy and terms and conditions.

When you’re ready to fulfill a Right to Erasure request, the good news is that — as with Right to Access requestsWordPress 4.9.6 and WooCommerce 3.4 have tools to help.

Right to Erasure tool in WordPress core
There’s a new tool for responding to Right to Erasure requests in WordPress 4.9.6

Before You Get Your First Request

Here, you’ll also want to start with test orders to understand what data you collect, and develop a standard procedure for responding to requests. Your procedure should include:

  • How you will confirm the person’s identity: Only an authorized person can request erasure.
  • Where you will obtain the data. Some data will be available using the new tools in WordPress and WooCommerce. Some plugins store data separately, and you might have other online systems separate from your WordPress/WooCommerce store where you input data.

Not sure you know all the places data might be stored? This is where a test order is handy; you’ll be able to see what plugins are automatically providing data using the new WordPress export tool. Note all the plugins you don’t see in the export tool; you’ll have to erase data from these plugins separately.

In WooCommerce, new settings help you control and limit automatic erasure of customers’ personal data.  You can find them under WooCommerce → Settings → Accounts and Privacy. Here, you can control:

  • How long inactive accounts are preserved.
  • How long pending, failed, or cancelled orders are preserved.
  • How long completed orders are preserved.

You can also control some Right to Erasure-related settings, like:

  • Whether personal data in orders should be removed.
  • Whether access to downloads should be rescinded.

When That First Request Comes In

As with Right of Access requests, start by confirming the identity of the person making the request before you touch their personal data. 

A new WordPress page under Tools → Erase Personal Data lets you send a confirmation request to the customer’s email (or via their username). Type their email address in the box provided and hit “Send Request”:

While you’re waiting for the customer to confirm, you’ll see the request displayed as “Pending.”

Example of the email a user receives when you send a request to confirm identity in response to a Right to Erasure request
Example of the email a user receives when you send a request to confirm identity in response to a Right to Erasure request

After they click the link, you’ll see that status switch to “Confirmed”:

Confirmed!
Confirmed!

Once their identity is confirmed, click the Erase Personal Data button, and the software will start scrubbing away. WordPress, WooCommerce, and many extensions work together to erase a person’s personal data. If a plugin needs to retain a bit of personal data for whatever reason, it will be displayed to you at the end of the erasure process.

If the person has a user account on your site, the request will also include a link to start the “Delete User” process — the same one that is in WordPress core already. Hold off on this at first; you might want to preserve their account depending on whether any plugins you use return a message about items “retained” during the erasure process.

An example of the type of message you might see after requesting to erase user data
An example of the type of message you might see after requesting to erase user data

Again, don’t forget that this only covers plugins that hook into the new WordPress personal data erasure tool — you may need to manually remove personal data collected by other plugins or services to be in full compliance with the Right to Erasure request.

Next up? Notifying Customers of a Breach of their Data

WooCommerce and the GDPR - get resources and tools

2 Responses

  1. Sarvesh Arora
    May 18, 2018 at 3:51 pm #

    Thanks a lot for this update. I really liked your inputs.

  2. Andrew George
    May 19, 2018 at 2:05 am #

    I don’t have the accounts and privacy tab in WooCommerce mentioned during this article, mines displays an account tab and doesn’t allow me the controls mentioned in this article. How do I access this?

Leave a Reply

WooCommerce - the most customizable eCommerce platform for building your online business.

  • 30 day money back guarantee
  • Support teams across the world
  • Safe & Secure online payment