Right to be Forgotten in GDPR Compliance for OpenCart

The Right to be Forgotten is an essential part of the General Data Protection Regulation.

The Right to be Forgotten lets users ask websites to completely delete all records of their personal data.

So, if you’ve been a customer of an online store and you want them to delete all your personal data, they need to let you do it as part of their compliance with the General Data Protection Regulation.
 

Same goes for your OpenCart website.

GDPR Compliance is getting frequent updates and one of the newest versions contains major improvements to the Right to be Forgotten functionality in the extension.

Let’s take you through the whole process of using the Right to be Forgotten feature in GDPR Compliance both from a customer and merchant point of view.
 

Step 1: Customer Submits a Data Deletion Request

This is the GDPR Tools page in your OpenCart store. Every store that has GDPR Compliance installed will have such a page.

At the bottom is the link for Requesting personal data deletion.


This is where your customers click to let you know they want you to delete all their personal data.

Customer enters their email address.

The link leads them to the page where they need to submit the email address they used for creating their account in your OpenCart store.


When the customer submits their email address, they will get an email that confirms their request and contains a link saying Delete My Personal Data.

This link will be valid for 2 hours.


After the customer clicks the link in their email, they will be redirected back to your OpenCart store.

The next step is for the customer to confirm their request for deleting all their personal data.

To do that, they should click the Yes, delete all my data button.
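
The time-limited email link from Step 1 can be built as a signed, expiring token, shown here as an added example in PHP (OpenCart's language); it is not code from the GDPR Compliance extension, whose implementation this page does not show. The function names, token layout and key handling are assumptions made for illustration; only the 2-hour validity comes from the text above.

```php
<?php
// Added example: hypothetical helpers, not the extension's own code.
const LINK_TTL = 7200; // 2 hours, the validity period stated above

function b64url(string $bin): string {
    return rtrim(strtr(base64_encode($bin), '+/', '-_'), '=');
}

// Build the token carried by the "Delete My Personal Data" link.
function issue_deletion_token(string $email, string $key, int $now): string {
    $payload = b64url(json_encode([
        'email' => strtolower(trim($email)),
        'exp'   => $now + LINK_TTL,
        'nonce' => bin2hex(random_bytes(16)), // lets the store mark a link as used
    ]));
    return $payload . '.' . b64url(hash_hmac('sha256', $payload, $key, true));
}

// Return the verified claims, or null if the token is forged, malformed or expired.
function verify_deletion_token(string $token, string $key, int $now): ?array {
    $parts = explode('.', $token);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    $expected = b64url(hash_hmac('sha256', $payload, $key, true));
    if (!hash_equals($expected, $mac)) { // constant-time comparison
        return null;
    }
    // The MAC is checked before the payload is decoded or trusted.
    $claims = json_decode(base64_decode(strtr($payload, '-_', '+/')), true);
    if (!is_array($claims) || !isset($claims['email'], $claims['exp'], $claims['nonce'])) {
        return null;
    }
    if (!is_int($claims['exp']) || $now >= $claims['exp']) {
        return null;
    }
    return $claims;
}

// Constructed sample run: fixed timestamp and a throwaway key.
$key   = random_bytes(32);
$t0    = 1700000000;
$token = issue_deletion_token('Customer@Example.com', $key, $t0);
var_dump(verify_deletion_token($token, $key, $t0 + 3600));       // inside the 2-hour window
var_dump(verify_deletion_token($token, $key, $t0 + LINK_TTL));   // at expiry
var_dump(verify_deletion_token($token . 'x', $key, $t0 + 60));   // altered signature
```

In a real store the signing key would be a long-lived secret kept outside the web root, and the nonce would be recorded once the customer confirms so the same link cannot be replayed inside its validity window.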


Step 2: Admin Approves Customer Request

From the merchant view, you need to approve the customer’s request from the Deletion Requests tab in your GDPR Compliance extension.

So first, click the thumbs up button to approve the request.


You will then have the freedom to configure the details for the personal data deletion of this customer.

First, you can set a deletion date.

This is selected from the calendar and your GDPR Compliance extension will automatically delete the customer’s data when that date comes.

Until that date, you can also delete the personal data manually at a date and time of your choice.


Next, you can choose the type of data you want to delete.

  • Customer Data (All personal information)
  • Saved Addresses (All address information)
  • Orders (All order history)
  • GDPR Data (All GDPR requests)


Before you finish, you can leave the customer a note that will appear in the email they receive.

When you’re done, click Approve Request and the deletion will be scheduled for the date you selected.


After that, the customer will receive the following email.

It will notify them that their Right to be Forgotten request is approved and will show them the type of data that you will be deleting.


When the Deletion Date comes or you manually delete the customer data, the status of their request will be changed to Deleted/Anonymized in your Deletion Requests tab.

You will no longer be able to edit the entry.

Deny Deletion Request

Since you're the store owner, you can choose to deny the request for personal data deletion based on your judgement.


This gives you an option to explain the reason behind your denial and let the customer know why their request will not be accepted.


 

Step 3: Right to be Forgotten Request Complete

The final email your customer will receive is the one confirming that their Right to be Forgotten request for data deletion is now complete.
