Sometimes. a customer wants to remove their digital footprint from the Internet. Maybe they were the victim of identity theft, suffered online harassment, or just want reduce their online presence. Whatever the reason, store owners who collect data from EU residents can expect to receive “Right to Erasure” requests under the GDPR.
As with Right of Access requests, the data a person can expect to be erased includes the obvious — name, address, phone number — and the less obvious, like tracking numbers and VAT IDs.
When you’re ready to fulfill a Right to Erasure request, the good news is that — as with Right to Access requests — WordPress 4.9.6 and WooCommerce 3.4 have tools to help.
Before You Get Your First Request
Here, you’ll also want to start with test orders to understand what data you collect, and develop a standard procedure for responding to requests. Your procedure should include:
- How you will confirm the person’s identity: Only an authorized person can request erasure.
- Where you will obtain the data. Some data will be available using the new tools in WordPress and WooCommerce. Some plugins store data separately, and you might have other online systems separate from your WordPress/WooCommerce store where you input data.
Not sure you know all the places data might be stored? This is where a test order is handy; you’ll be able to see what plugins are automatically providing data using the new WordPress export tool. Note all the plugins you don’t see in the export tool; you’ll have to erase data from these plugins separately.
In WooCommerce, new settings help you control and limit automatic erasure of customers’ personal data. You can find them under WooCommerce → Settings → Accounts and Privacy. Here, you can control:
- How long inactive accounts are preserved.
- How long pending, failed, or cancelled orders are preserved.
- How long completed orders are preserved.
You can also control some Right to Erasure-related settings, like:
- Whether personal data in orders should be removed.
- Whether access to downloads should be rescinded.
When That First Request Comes In
As with Right of Access requests, start by confirming the identity of the person making the request before you touch their personal data.
A new WordPress page under Tools → Erase Personal Data lets you send a confirmation request to the customer’s email (or via their username). Type their email address in the box provided and hit “Send Request”:
While you’re waiting for the customer to confirm, you’ll see the request displayed as “Pending.”
After they click the link, you’ll see that status switch to “Confirmed”:
Once their identity is confirmed, click the Erase Personal Data button, and the software will start scrubbing away. WordPress, WooCommerce, and many extensions work together to erase a person’s personal data. If a plugin needs to retain a bit of personal data for whatever reason, it will be displayed to you at the end of the erasure process.
If the person has a user account on your site, the request will also include a link to start the “Delete User” process — the same one that is in WordPress core already. Hold off on this at first; you might want to preserve their account depending on whether any plugins you use return a message about items “retained” during the erasure process.
Again, don’t forget that this only covers plugins that hook into the new WordPress personal data erasure tool — you may need to manually remove personal data collected by other plugins or services to be in full compliance with the Right to Erasure request.
Next up? Notifying Customers of a Breach of their Data
Thanks a lot for this update. I really liked your inputs.
I don’t have the accounts and privacy tab in WooCommerce mentioned during this article, mines displays an account tab and doesn’t allow me the controls mentioned in this article. How do I access this?
Ive just checked this out and it should be dropping on May 23rd in 3.4 😉
This data will oftentimes also be backed up to other places by 3rd party plugins or by the webhost itself. Does the user’s data have to be deleted from those places as well?
We can’t give specific legal advice, but store owners may want to ask third parties they work with what they recommend regarding right to erasure requests and may wish to consult with an attorney about whether or not they should also ask those third parties to assist with right to erasure requests they receive.
We believe that you do have to remove data from database backups.
So this it not about third parties at all and what they do.
Most sites has multiple database backups taken as part of standard business processing. If you are affected by a request, it is unlikely your business can simply delete all backups. So you need a tool to remove the data.
And, yes while it might be a plugin that takes the backup, WooCommerce is being naive in their response on this one. A backup is a backup. How it is done is irrelevant. It still results in a standard database backup file. Any tool to remove data from a database should also remove it was any designated backups.
I do not see it as WooCommerce being “naive”, as they rightly say, they are not giving legal advice.
When you say ” Any tool to remove data from a database should also remove it was any designated backups” I think it is you that is being naive, how is that even possible?
My backups are created by software out of the control of WooCommerce, the backup is then copied to another server which WooCommerce can not access.
I do not see this as a big issue as long as you back up regularly and try and use the most recent back up, should a need arise. I am not expecting to be inundated with deletion requests. I am also unsure how long data should be kept for fraud prevention etc…
Hello Woo Team,
Can you please fix the share button as it is not working for me.
Thanks & Regards,
Hello! I’m happy that you made a patch for woocommerce 3.4 but in one of my website I have woocommerce 2.6.4 that I can’t upgrade. There’s something I can do to be gdpr compliance without upgrading to the latest version?
But HOW the user will ask you to erase the data..? or access them or whatever..?
I mean were in the site exist this option..??
Thanks for detail information about GDPR. As a webmaster, I think everyone should read this post.
When will they going to implement it outside the Europ?
Hi, what about the account itself. its removed the address details and order details with the setting enabled however the name and email address used to create the account in the first place (these 2 combined bits of data would be classed as personal data) are still in the system and the user can therefore still log in and see this.
Should this not remove the name on the account as well as anonymise or delete the users account in its entirety?
very informative when i read this very helpful for me
thanks for it
This is the best article ever. Thanks for sharing !
nice website. the great website ever. keep it up !
This is the best content. thanks for sharing articles !
Nice article great
Thank you for share best information
Information Post <3
Informative and helpful article. Thanks for this great content sharing. Keep on.
thanks for sharing with us.nice and informative articles.
Nice article. It is very useful. Thank u for sharing awesome content.
Thank you dear Allen. This was really helpful. Short and simple to understand.
I agree with you. This helped me a lot to understand GDPR,
Understanding DGRP is really difficult for people like me. But Allen you made it really simple. Thanks for your guidance.
Thanks a lot for this. This saved a lot of time.
Nice article thank you for share