Concept - GDPR Personal Data Deletion Handling

1 Introduction

The deletion of personal data is required by the EU General Data Protection Regulation (GDPR), Article 17 "Right to erasure (right to be forgotten)". This concept covers the scenarios in which users want their data to be deleted.

The target group of this concept are developers who want to understand how personal data deletion can be customized. It is assumed that they are familiar with the concept behind the Basic Handler Chain Framework. Personal data deletion has been included in the storefront Contact Us form (Subject: Request Personal Data Deletion) and in Profile Settings (Request Account Deletion button).

Furthermore, an action for personal data deletion is available in Intershop Commerce Management on channel level (Customers | Personal Data Requests: new action Delete Customer Data).

1.1 Glossary

Term | Description
GDPR | General Data Protection Regulation - a regulation of the European Union that defines the processing of personal data
User | Individual Customer
CSR | Customer Service Representative - a representative of the site owner
ICM | Intershop Commerce Management

1.2 References

2 Configuration

Currently the ICM GDPR feature is enabled by default.

The following GDPR related settings can be configured in the Intershop Commerce Management on channel level:

Preference name | Description | Default value
gdpr.NotificationsEmailFrom | The sender's e-mail address for GDPR-related e-mail notifications |
gdpr.PersonalDataConfirmationLinksExpirationPeriod | The number of hours after which the confirmation links in personal data request confirmation e-mails are no longer valid | 24 h
gdpr.PersonalDataRequestsExpirationPeriod | The number of days after which PersonalDataRequest objects in closed or pending state are deleted by a job | 30 days
ContactFormUserServiceEmailFrom | The sender's address of the Contact Us e-mail |
ContactFormUserServiceEmailTemplate | The e-mail template that defines the layout of the Contact Us e-mail |
ContactFormUserServiceEmailTo | The recipient's address of the Contact Us e-mail |

Since 7.10.16.0 these preferences can be configured in Intershop Commerce Management.

Personal Data Request Preferences page:

Contact Us Preferences page:


In order to delete subscriptions (recurring orders) of a person via the GDPR deletion handler chain, the Recurring Orders feature must be enabled for the channel in which the person is registered.

This is done by setting the EnableRecurringOrder preference to true. There is no UI for it, so the value can only be updated via SQL.

3 Deletion of Personal Data for Anonymous Users

The Contact Us form is intended to be used by anonymous users who want their data to be deleted. When an anonymous user submits the form, ICM sends e-mails to the user and the CSR. The CSR can then delete or anonymize the user's personal data manually.

Once the CSR has deleted or anonymized the user's personal data, the CSR can set the state of the deletion request to Completed.

The Delete Customer Data action is not available for deletion requests of anonymous users in the ICM.

GDPR ContactUs Anonymous Workflow

4 Deletion of Personal Data for Registered Users

As opposed to the scenario with anonymous users, deletion of personal data for registered users does not require any manual data handling by a CSR. When a user clicks Request Account Deletion, two different e-mails are sent, one to the user and one to the CSR, and the user's account is deactivated. The deletion request is then available in the ICM, and a CSR can delete the personal data under Channel name | Customers | Personal Data Requests. Clicking Delete Customer Data triggers the deletion handler chain, which deletes or anonymizes the user's personal data stored in the ICM. Data that cannot be deleted for legal reasons is anonymized, so that no reference to the person can be made.

GDPR Registered User - Deletion of Personal Data

5 Deletion Handler Chain

Personal data deletion logic is encapsulated in a set of handlers, each responsible for the deletion or anonymization of a specific part of the personal data stored in the ICM.

These handlers are assigned to the CustomerDeletionChain handler chain, defined in the f_business/f_checkout/bc_customer cartridge. This handler chain has transactional behavior: if an exception occurs during the execution of any handler, all data deleted by the preceding handlers are restored via rollback.

The list of registered handlers can be seen in live documentation, which is available via the following URL:  http://{host:port}/INTERSHOP/web/WFS/{application}/{localization}/-/{currency}/InspectHandlerChains-Start.

The live documentation is also available for download here: CustomerDeletionHandlerChain.zip.

Some of the handlers do not delete personal data immediately: the basket, order, promotion and gift card handlers anonymize data instead of deleting them. The reason is that legally binding contracts, e.g., orders, need to be kept for audit. In such cases the data are not deleted but anonymized, so that no reference to the person can be made. The following list contains the handlers configured in the ICM that are part of the CustomerDeletionChain:

Sub Chain: CustomerDeletionChain

Position | Cartridge | Handler | Description
5 | bc_b2b_role_orm | UnassignUserRolesCustomerDeletionHandler | In case of a B2B customer, checks whether the user is the only account admin of that customer and, if so, interrupts the deletion process by raising an error.
10 | bc_basket_orm | SetBasketsInvalidCustomerDeletionHandler | Sets the status of all baskets of all users within the customer deletion context to INVALID. The scheduled job Remove Invalid Baskets takes care of deleting them.
20 | bc_whishlist | DeleteWishlistsCustomerDeletionHandler | Deletes the wishlists of all users in the customer deletion context.
25 | bc_marketing | CashbackCustomerDeletionHandler | Removes all unredeemed cashbacks and cashback promotion codes of the customer.
30 | bc_order_orm | SetOrdersToBeDeletedCustomerDeletionHandler | Marks all orders of the customer, or of the concrete customer user, as to be deleted. The scheduled job Delete Orders takes care of deleting them.
40 | bc_order_service | DeleteRecurringOrdersCustomerDeletionHandler | Deletes all recurring orders of the customer, or of the selected user of a customer. Nothing happens if the recurring order feature is disabled.
50 | bc_marketing | AnonymizePromotionCodesCustomerDeletionHandler | Anonymizes all promotion codes used by any user in the customer deletion scope (name and e-mail are set to NULL).
70 | ac_giftcard_std | AnonymizeGiftCardCustomerDeletionHandler | Removes the user reference from gift cards used by any user within the customer deletion context.
80 | bc_marketing | CustomerAlertsDeletionHandler | Deletes all alerts of a user in the customer deletion scope.
100 | bc_customer | BasicCustomerDeletionHandler | Removes the customer, or the concrete user from the customer. In the default CustomerBO implementation ORMCustomerBOImpl, deletion of a customer also removes all assigned users and customer addresses.
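The transactional behavior of the chain, as a constructed in-memory model (added here; not ICM code, and the handler functions, the context dictionary and the sample user are hypothetical). It runs handlers in position order and restores a snapshot when any handler raises, so a handler failing late in the chain, like the position-5 interruption for a sole B2B account admin, leaves no partially deleted data behind.

```python
import copy

# Constructed in-memory model of the CustomerDeletionChain (hypothetical, not ICM code);
# a handler is (position, function) and the chain runs them in ascending position order.
def unassign_user_roles(ctx):
    # Position 5: interrupt if the user is the only account admin of a B2B customer.
    if ctx["b2b"] and ctx["account_admins"] == {ctx["user"]}:
        raise RuntimeError("user is the only account admin of the B2B customer")
    ctx["account_admins"].discard(ctx["user"])

def set_baskets_invalid(ctx):
    # Position 10: baskets are only marked; the Remove Invalid Baskets job deletes them.
    for basket in ctx["baskets"]:
        basket["status"] = "INVALID"

def set_orders_to_be_deleted(ctx):
    # Position 30: orders are only flagged; the Delete Orders job deletes them later.
    for order in ctx["orders"]:
        order["toBeDeleted"] = True

def anonymize_promotion_codes(ctx):
    # Position 50: data kept for legal reasons is anonymized, not deleted (name/e-mail -> NULL).
    for code in ctx["promotion_codes"]:
        code["name"] = code["email"] = None

def basic_customer_deletion(ctx):
    # Position 100: remove the user from the customer.
    ctx["users"].discard(ctx["user"])

CHAIN = [(5, unassign_user_roles), (10, set_baskets_invalid), (30, set_orders_to_be_deleted),
         (50, anonymize_promotion_codes), (100, basic_customer_deletion)]

def run_chain(ctx, chain=CHAIN):
    """Run handlers in position order inside one 'transaction': on any exception the
    snapshot is restored, so partial deletions never survive. Returns True on success."""
    snapshot = copy.deepcopy(ctx)
    try:
        for _, handler in sorted(chain, key=lambda h: h[0]):
            handler(ctx)
        return True
    except Exception:
        ctx.clear()
        ctx.update(snapshot)
        return False

def sample_context(sole_admin):
    """Constructed sample deletion context for user 'jdoe' of a B2B customer."""
    return {"b2b": True, "user": "jdoe", "users": {"jdoe", "asmith"},
            "account_admins": {"jdoe"} if sole_admin else {"jdoe", "asmith"},
            "baskets": [{"id": "b1", "status": "OPEN"}],
            "orders": [{"id": "o1", "status": "PENDING", "toBeDeleted": False}],
            "promotion_codes": [{"code": "WELCOME10", "name": "J. Doe", "email": "jdoe@example.com"}]}
```

Passing a chain with an additional failing handler (for instance at position 60) shows the rollback of the order flags and promotion code anonymization applied by the handlers before it.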


The following list contains the recurring jobs configured in the ICM that periodically delete baskets or orders in a state suitable for deletion. These jobs can be considered part of the personal data deletion process.

Deletion Job | Description | Scheduling Domain
Remove Invalid Baskets | This job removes baskets with the status invalid. | SLDSystem
Delete Orders | Deletes orders whose toBeDeleted flag is true and whose status is not PENDING, MANUAL_INTERVENTION_NEEDED or EXPORTFAILED. The selection of statuses that are ignored for order deletion can be overwritten by defining an attribute called ExcludedStatuses, datatype String, with comma-separated values, e.g. PENDING,MANUAL_INTERVENTION_NEEDED,EXPORTFAILED. Stored procedure: sp_deleteOrders.sql | inSPIRED, root
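The selection rule of the Delete Orders job, written out as an added Python example (not the stored procedure sp_deleteOrders.sql and not ICM code; the order records and the function names are constructed for illustration). It shows the default excluded statuses, the ExcludedStatuses override, and that an override replaces the default list rather than extending it.

```python
DEFAULT_EXCLUDED_STATUSES = ("PENDING", "MANUAL_INTERVENTION_NEEDED", "EXPORTFAILED")

def excluded_statuses(attribute_value=None):
    """Statuses the Delete Orders job must skip. A missing or blank ExcludedStatuses
    attribute keeps the default; otherwise the comma-separated value replaces it
    (whitespace around items and empty items are ignored)."""
    if attribute_value is None or not attribute_value.strip():
        return frozenset(DEFAULT_EXCLUDED_STATUSES)
    return frozenset(s.strip() for s in attribute_value.split(",") if s.strip())

def orders_to_delete(orders, attribute_value=None):
    """Return ids of orders the job would delete: toBeDeleted set and status not excluded."""
    excluded = excluded_statuses(attribute_value)
    return [o["id"] for o in orders if o["toBeDeleted"] and o["status"] not in excluded]

# Constructed sample orders, as flagged by SetOrdersToBeDeletedCustomerDeletionHandler.
SAMPLE_ORDERS = [
    {"id": "o1", "status": "COMPLETED", "toBeDeleted": True},
    {"id": "o2", "status": "PENDING", "toBeDeleted": True},
    {"id": "o3", "status": "EXPORTFAILED", "toBeDeleted": True},
    {"id": "o4", "status": "COMPLETED", "toBeDeleted": False},
]
```

An override that omits PENDING makes pending orders eligible for deletion, so a narrowed ExcludedStatuses value should be reviewed against the legal retention requirements described above.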


