The deletion of personal data is required by the EU General Data Protection Regulation (GDPR), Article 17 - "Right to erasure (right to be forgotten)". This concept covers the scenarios in which users want their data to be deleted.
The target group of this concept are developers who want to understand how personal data deletion can be customized. It is assumed that they are familiar with the concept behind the Basic Handler Chain Framework. Personal data deletion has been included in the storefront Contact Us form (Subject: Request Personal Data Deletion) and in the Profile Settings (Request Account Deletion button).
Furthermore, an action for personal data deletion is available in Intershop Commerce Management on channel level (Customers | Personal Data Requests: new action Delete Customer Data).
Term | Description |
---|---|
GDPR | General Data Protection Regulation - a regulation of the European Union that defines the processing of personal data |
User | Individual Customer |
CSR | Customer Service Representative - a representative of the site owner |
ICM | Intershop Commerce Management |
Currently the ICM GDPR feature is enabled by default.
The following GDPR related settings can be configured in the Intershop Commerce Management on channel level:
Preference name | Description | Default value |
---|---|---|
gdpr.NotificationsEmailFrom | The sender's e-mail address for GDPR-related e-mail notifications | |
gdpr.PersonalDataConfirmationLinksExpirationPeriod | The number of hours after which the confirmation links in personal data request confirmation e-mails will no longer be valid | 24 h |
gdpr.PersonalDataRequestsExpirationPeriod | The number of days after which PersonalDataRequest objects which are in closed or pending state will be deleted by a job | 30 days |
ContactFormUserServiceEmailFrom | Defines the sender's address of the Contact Us e-mail | |
ContactFormUserServiceEmailTemplate | The layout of the Contact Us e-mail is defined by the e-mail template | |
ContactFormUserServiceEmailTo | Defines the recipient's address of the Contact Us e-mail | |
Since 7.10.16.0 these preferences can be configured in Intershop Commerce Management.
(Screenshot: Personal Data Request Preferences page)
(Screenshot: Contact Us Preferences page)
In order to delete subscriptions (recurring orders) of a person via the GDPR deletion handler chain, the Recurring Orders feature must be enabled for the channel in which the person is registered. This is done by setting the EnableRecurringOrder preference to true. There is no UI for it, so the value can only be updated via SQL.
The Contact Us form is intended to be used by anonymous users who want their data to be deleted. When an anonymous user submits the form, ICM sends e-mails to the user and the CSR. The CSR can then delete or anonymize the user's personal data manually.
Once the CSR has deleted or anonymized the user's personal data, they can set the state of the deletion request to Completed.
The Delete Customer Data action is not available for deletion requests of anonymous users in the ICM.
As opposed to the scenario with anonymous users, deletion of personal data for registered users does not require any manual steps from a CSR. When a user clicks Request Account Deletion, two different e-mails are sent: one to the user and one to the CSR. The user's account is deactivated. The deletion request is then available in the ICM, and a CSR can delete the personal data at Channel name | Customers | Personal Data Requests. Clicking Delete Customer Data triggers the deletion handler chain, which deletes or anonymizes the user's personal data stored in the ICM. If some of the data cannot be deleted for legal reasons, it is anonymized so that no reference to the person can be made.
The personal data deletion logic is encapsulated in a set of handlers, each responsible for the deletion or anonymization of a specific part of the personal data stored in the ICM.
These handlers are assigned to the CustomerDeletionChain handler chain, defined in the f_business/f_checkout/bc_customer cartridge. This handler chain has transactional behavior: if an exception occurs during the execution of any handler, all data deleted by the previous handlers is restored via rollback.
The list of registered handlers can be seen in live documentation, which is available via the following URL: http://{host:port}/INTERSHOP/web/WFS/{application}/{localization}/-/{currency}/InspectHandlerChains-Start.
The live documentation is also available for download here: CustomerDeletionHandlerChain.zip.
Some of the handlers do not delete personal data immediately: the basket, order, promotion and gift card handlers anonymize data instead of deleting it. The reason is that legally binding contracts, e.g., orders, need to be kept for audit. In such cases the data is not deleted but anonymized, so that no reference to the person can be made. The following list contains the handlers configured in the ICM that are part of the CustomerDeletionChain:
Sub Chain: CustomerDeletionChain

Position | Cartridge | Handler | Description |
---|---|---|---|
5 | bc_b2b_role_orm | UnassignUserRolesCustomerDeletionHandler | In the case of a B2B customer, checks whether the user is the only account admin of that customer and, if so, interrupts the deletion process by raising an error. |
10 | bc_basket_orm | SetBasketsInvalidCustomerDeletionHandler | Sets the status of all baskets of all users within the customer deletion context to INVALID. The scheduled job Remove Invalid Baskets will take care of deleting them. |
20 | bc_whishlist | DeleteWishlistsCustomerDeletionHandler | Deletes the wishlists of all users in the customer deletion context. |
25 | bc_marketing | CashbackCustomerDeletionHandler | Removes all unredeemed cashbacks and cashback promotion codes of the customer. |
30 | bc_order_orm | SetOrdersToBeDeletedCustomerDeletionHandler | Marks all orders of the customer, or of the concrete customer user, as to be deleted. The scheduled job Delete Orders will take care of deleting them. |
40 | bc_order_service | | Deletes all recurring orders of the customer, or of the selected user of a customer. Nothing happens if the recurring order feature is disabled. |
50 | bc_marketing | AnonymizePromotionCodesCustomerDeletionHandler | Anonymizes all promotion codes used by any user in the customer deletion scope (name and e-mail are set to NULL). |
70 | ac_giftcard_std | AnonymizeGiftCardCustomerDeletionHandler | Removes the user reference from gift cards used by any user within the customer deletion context. |
80 | bc_marketing | CustomerAlertsDeletionHandler | Deletes all alerts of the user in the customer deletion scope. |
100 | bc_customer | BasicCustomerDeletionHandler | Removes the customer, or the concrete user, from the group customer. In the default CustomerBO implementation ORMCustomerBOImpl, deletion of a customer also removes all assigned users and customer addresses. |
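The chain behavior described above (handlers run in position order, a handler can interrupt the run, some handlers anonymize rather than delete, and any failure rolls back what earlier handlers changed) as a small added model in Python. This is an illustration written for this page, not Intershop's Basic Handler Chain Framework API; the store layout, handler bodies and sample data are constructed assumptions.

```python
import copy
from dataclasses import dataclass, field

class DeletionInterrupted(Exception):
    """Raised by a handler to abort the chain, as UnassignUserRolesCustomerDeletionHandler does."""
@dataclass
class Store:
    # Constructed in-memory stand-in for ICM persistence (assumed layout, not the ICM schema).
    users: dict = field(default_factory=dict)        # uid -> {"email", "b2b_admin"}
    orders: dict = field(default_factory=dict)       # order id -> {"uid", "to_be_deleted"}
    promo_codes: dict = field(default_factory=dict)  # code -> {"name", "email"}

def unassign_roles(store, uid):  # position 5: refuse to delete the only account admin
    others = [u for k, u in store.users.items() if k != uid]
    if store.users[uid]["b2b_admin"] and not any(u["b2b_admin"] for u in others):
        raise DeletionInterrupted(f"{uid} is the only account admin of the customer")
def mark_orders(store, uid):  # position 30: orders stay for audit, they are only flagged
    for order in store.orders.values():  # the Delete Orders job removes them later
        if order["uid"] == uid:
            order["to_be_deleted"] = True
def anonymize_promo_codes(store, uid):  # position 50: anonymize, do not delete
    email = store.users[uid]["email"]
    for code in store.promo_codes.values():
        if code["email"] == email:
            code["name"] = code["email"] = None  # name and e-mail set to NULL
def basic_delete(store, uid):  # position 100: finally remove the user record itself
    del store.users[uid]

# Positions follow the table above; the chain always runs in ascending position order.
CHAIN = sorted([(100, basic_delete), (5, unassign_roles),
                (50, anonymize_promo_codes), (30, mark_orders)], key=lambda p: p[0])

def run_chain(store, uid):
    """Run the handlers as one transaction: on an exception the caller's store is
    returned untouched (rollback of everything the earlier handlers changed)."""
    work = copy.deepcopy(store)
    try:
        for _, handler in CHAIN:
            handler(work, uid)
    except DeletionInterrupted as exc:
        return False, store, str(exc)
    return True, work, ""

def sample_store():
    # Constructed sample data: two B2B admins, one order and one promotion code used by u1.
    return Store(
        users={"u1": {"email": "u1@example.com", "b2b_admin": True},
               "u2": {"email": "u2@example.com", "b2b_admin": True}},
        orders={"o1": {"uid": "u1", "to_be_deleted": False}},
        promo_codes={"SPRING10": {"name": "U. One", "email": "u1@example.com"}})
```

Demoting u2 from admin in the sample data makes the position-5 handler raise, and the returned store is the original object with the order still unflagged and the promotion code untouched.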
The following list contains the recurring jobs configured in the ICM that periodically delete baskets or orders which are in a state suitable for deletion. These jobs can be considered part of the personal data deletion process.

Scheduling

Deletion Job | Description | Domain |
---|---|---|
Remove Invalid Baskets | This job removes baskets with the status invalid. | SLDSystem |
Delete Orders | Deletes orders whose Stored procedure - sp_deleteOrders.sql | inSPIRED, root |