GDM maintains all operational data after a user deletion including some high level data (e.g. high level location data of customer etc.) so reporting is uneffected. All eCommerce order data persists – only user PII is removed.
GDM can isolate WooCommerce guest data in the same way as regular user data. If the request is for data deletion, GDM only deletes the user data leaving system data intact for future reporting etc. as per data protection guidelines.
GDM does not put the responsibility on the webmaster to securely generate and send requested data. No user data is sent over email, instead a secure link is emailed to the requestor which expires once activated or after 24 hours of inactivity. Requestors must complete the actions themselves ensuring that no export data is left accessible on webmasters machines in line with GDPR compliance.
GDM stores activity remotely so in the event of a roll-back, the plugin will compare remote activity with local data to sync any changes. Users will not have to go through the verification process again. Data controllers can re-run the already verified actions.
If a user requests their data to be deleted, what happens to posts etc. that they have contributed?
The content (body, title etc.) remains in place – only the associated PII (author detail etc.) is removed.
If your are gathering personally identifying information (PII) from users (eCommerce customers, contributors etc.) within the European Union (EU), you must comply with the General Data Protection Regulation (EU) 2016/679 (‘GDPR’).