Deleting Personal Data of Customers in Compliance with the European Union's Data Protection Regulation
This tutorial explains how commercetools supports merchants in complying with the EU's General Data Protection Regulation (GDPR).
Please note that this tutorial does not constitute legal advice.
If a customer contacts you as a merchant and requests a complete list of all personal data you have collected about them, you need to know which resources can store personal data.
The following sections explain how those resources (listed under Retrieval of Collected Data below) can be retrieved and ultimately erased in a GDPR-compliant manner. As a merchant, review your data model carefully to ensure that no other commercetools Composable Commerce resource (for example Product or Category) contains or refers to personal data, for instance through Custom Fields.
Retrieval of Collected Data
For each of the resources that can store personal data, a customer-specific retrieval is possible. The retrievals to perform are:
- Customer: Get Customer
- Cart: Get Cart by Customer ID
- Order: Query Order using Customer ID in Predicate
- Payment: Query Payment using Customer ID in Predicate
- Review: Query Review using Customer ID in Predicate
- Shopping List: Query Shopping List using Customer ID in Predicate
- Discount Code: Query Cart Discount with "requires Discount Code" set, where the Cart Predicate contains the Customer ID
- Custom Object: Query Custom Object with reference to customer related identifier in Predicate
- Message: Query Message for all resource identifiers returned from the above queries
To ease the retrieval process, commercetools has made a tool available on GitHub. With this Node.js tool you can perform a bulk retrieval across all the listed resources. It is open source, so you can customize the retrieval for the Custom Objects and Custom Types of your specific data model.
Request to Erase Collected Data
Should a customer exercise the right to be forgotten and request that all collected data be erased, be aware that a default DELETE request may not clean up all data. A plain DELETE request does not, for example, erase personal data contained in Messages, nor the data in the logs that commercetools keeps internally for some time so that it can reconstruct data in case of faulty system behavior.
To erase in a GDPR-compliant manner, commercetools Composable Commerce therefore offers a parameter for DELETE requests called dataErasure. If it is set to true, commercetools Composable Commerce guarantees that all personal data related to the particular object, including Messages as well as internally logged data, are erased.
The individual delete endpoints are documented in the API reference. To erase in a GDPR-compliant manner, dataErasure=true must be set on every one of these delete requests; a delete without it removes the resource but not the Messages and internal log data derived from it.
As with the retrieval of customer-related data, the open-source Node.js tool allows you to perform the delete actions in bulk, and you can customize it for the Custom Objects and Custom Types of your data model.
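The retrieval list above and the dataErasure deletes can be driven by one script. The following is an added example written for this page, not the open-source commercetools tool mentioned above: it builds the per-resource queries for one customer, lists the related Messages for the access report, and then issues the deletes with dataErasure=true, deleting the Customer last. The project key, the API host, and the predicate field names (customerId on Order, customer(id=...) on Payment, Review and Shopping List, resource(id in (...)) on Message) are assumptions to verify against your API reference, and the in-memory transport with its sample records is constructed so that the script runs offline.

```javascript
'use strict';
// Added example; not the open-source commercetools tool referenced in the text.
// Project key, API host and the predicate field names are assumptions made here
// and must be checked against your API reference and your own data model.

const PROJECT_KEY = 'example-project';                              // assumed
const API_HOST = 'https://api.europe-west1.gcp.commercetools.com'; // assumed region host

// Quote a value as a predicate string literal. Customer IDs normally come from
// your own system, but quoting defensively stops a stray '"' from changing the
// meaning of the predicate.
function predicateString(value) {
  return '"' + String(value).replace(/\\/g, '\\\\').replace(/"/g, '\\"') + '"';
}

// One retrieval per resource type that may hold personal data (the list in the
// text). `customObjectWhere` holds predicates for your own Custom Object
// containers, which only you can know.
function retrievalPlan(customerId, customObjectWhere = []) {
  const lit = predicateString(customerId);
  const enc = encodeURIComponent(customerId);
  return [
    { resource: 'customers', path: `customers/${enc}`, single: true },
    { resource: 'carts', path: `carts/customer-id=${enc}`, single: true },
    { resource: 'orders', path: 'orders', where: `customerId=${lit}` },
    { resource: 'payments', path: 'payments', where: `customer(id=${lit})` },
    { resource: 'reviews', path: 'reviews', where: `customer(id=${lit})` },
    { resource: 'shopping-lists', path: 'shopping-lists', where: `customer(id=${lit})` },
    // Cart Discounts: fetch those that require a code, then inspect the cart
    // predicate text client-side rather than relying on a substring operator.
    { resource: 'cart-discounts', path: 'cart-discounts', where: 'requiresDiscountCode=true',
      keep: (d) => String(d.cartPredicate || '').includes(customerId) },
    ...customObjectWhere.map((where) => ({ resource: 'custom-objects', path: 'custom-objects', where })),
  ];
}

// DELETE URL carrying the current version (optimistic concurrency) and dataErasure=true.
function erasureUrl(resource, id, version) {
  const query = new URLSearchParams({ version: String(version), dataErasure: 'true' });
  return `${API_HOST}/${PROJECT_KEY}/${resource}/${encodeURIComponent(id)}?${query}`;
}

// Retrieve, list related Messages, then delete. Returns what was done so the
// caller can keep a record of the erasure request without keeping the data.
async function eraseCustomerData(transport, customerId, customObjectWhere = []) {
  const found = [];
  for (const step of retrievalPlan(customerId, customObjectWhere)) {
    const body = await transport.get(step.path, step.where);
    const items = step.single ? (body ? [body] : []) : (body ? body.results : []);
    for (const item of items.filter(step.keep || (() => true))) {
      found.push({ resource: step.resource, id: item.id, version: item.version });
    }
  }
  // Messages are read for the access report only; dataErasure on the owning
  // resource is what removes them.
  const idList = found.map((f) => predicateString(f.id)).join(',');
  const messages = idList ? (await transport.get('messages', `resource(id in (${idList}))`)).results : [];

  // Delete the Customer last: if a later request fails, the account, and with
  // it the key you need to retry, is still there.
  const ordered = [...found].sort(
    (a, b) => Number(a.resource === 'customers') - Number(b.resource === 'customers'));
  const deleted = [];
  for (const f of ordered) {
    const url = erasureUrl(f.resource, f.id, f.version);
    await transport.del(url);
    deleted.push(url);
  }
  return { found, messageCount: messages.length, deleted };
}

// Constructed in-memory stand-in for the API so the example runs offline.
// A real transport would send GET/DELETE over HTTPS with a bearer token.
function fakeTransport() {
  const responses = {
    'customers/cust-1': { id: 'cust-1', version: 3 },
    'carts/customer-id=cust-1': { id: 'cart-9', version: 1 },
    orders: { results: [{ id: 'order-7', version: 12 }] },
    payments: { results: [{ id: 'pay-2', version: 2 }] },
    reviews: { results: [] },
    'shopping-lists': { results: [] },
    'cart-discounts': { results: [
      { id: 'cd-1', version: 4, cartPredicate: 'customer.id = "cust-1"' },
      { id: 'cd-2', version: 1, cartPredicate: 'totalPrice > "10.00 EUR"' }] },
    messages: { results: [{ id: 'm-1' }, { id: 'm-2' }] },
  };
  const deletes = [];
  return {
    deletes,
    async get(path) { return responses[path]; },
    async del(url) { deletes.push(url); },
  };
}

eraseCustomerData(fakeTransport(), 'cust-1').then((r) => console.log(JSON.stringify(r, null, 2)));
```

The returned record lists the resource IDs and versions that were found and the DELETE URLs issued, but none of the personal data itself, which is what you want to retain as evidence that the erasure request was handled. Replace fakeTransport with an HTTPS client for your project and supply the Custom Object predicates for your own containers before using this against real data.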
Request to Access Traceability of Collected Data
Should a customer ask you to show the traceability of actions taken on the collected data, you will have to contact https://support.commercetools.com and submit a request. The request must include the Customer ID as well as all the resource identifiers for which the change history is needed. Our support team will then provide a list of Messages capturing the individual changes to each resource.
For any changes performed on a resource within the Merchant Center after 2018-05-25, the change history will include the User ID that performed the change.