Apply GDPR rules to magento

[inluxc]

What do you guys think about GDPR in Magento, it's going to be a Big thing in the EU http://www.eugdpr.org/.

How should we approach this as (core / optional) or as a module? Basically, we have to encrypt the customer's data in the database and every communication with the customer has to be concent.

TODO's

• [ ] Right to be forgotten (Need to validated how it works with orders and invoices)
• [ ] Customer data encrypted
• [ ] Customer Communication Consent (Email, SMS, etc)
• [ ] Third-party customer info (Google Analytics, Hotjar, etc)
• [ ] Customer data export function (All related customer data ex: orders, invoices, logs, customer data, addresses, etc)
• [ ] Log customer data access in the admin
• [ ] Database encryption

[tmotyl]

I'm quite up to date with the topic, and you're right it is a big thing in the EU. However it's not a hard requirement to encrypt customer data in db. There are other more important requirements which might require changes in Magento e.g. "right to be forgotten".

[inluxc]

We should do a list of all things we need to do.

[colinmollenhour]

As M1 is not EOL yet it would be interesting to see if anything is done about this in upstream and in CE specifically...

[colinmollenhour]

Encryption should probably just be handled by the database or filesystem layer. Handling it in the app would be very ugly. E.g.: https://dev.mysql.com/doc/refman/5.7/en/innodb-tablespace-encryption.html

[grizwako]

Hi, please keep in mind that you need user consent to just see customer data.
While the right to be forgotten seems tricky indeed, I think that case where user temporarily disallows access is even trickier. Did you guys maybe get some feedback from official Magento team/upstream?

[oviliz]

I doubt they would do for CE more than this, https://magento.com/blog/magento-news/magento-gdpr-and-you-5-things-know-right-now

[clotted]

Some nice guidance here + extension: http://www.zero1.co.uk/2018/01/24/gdpr-how-to-achieve-compliance-with-magento/

[clotted]

This looks useful too: https://github.com/DivanteLtd/anonymizer/

[stevensagaar]

This page looks promising with FAQ and key suggestion & considerations around Magento stores https://www.scommerce-mage.com/magento-gdpr-compliance.html

[Flyingmana]

For: Right to be forgotten

Regarding order data, we will need to keep them, at least as long as legally required (germany 10 years)

https://blogs.opentext.com/general-data-protection-regulation-gdpr-can-customers-use-opentext-sap-timely-deletion/

non order related data is another topic, basically anything else related to a customer account.

Doing this in a extendable way gets interesting, as you cant build a solution which covers all 3th party Modules automatically. In the end I would say this part can already easy be done by the customer support. Just change all personal identifying data on the customer account and delete the addresses there. So while we can put a lot of work in building a genius solution, it will not be a lot faster then currently.

[jaimiedijstra]

I agree with Flyingmana's comment, there are a lot of reasons to keep sales data for accounting but also returns, insurance, proof that a service/product was provided, or dare I say public liability! I am UK based. I am Just getting my head around this GDPR (a month or two in!) but it states we need to give the customer the easy option of deleting the personal data. I am not convinced that "Easy option" specifically means providing the facility for the customer to action this at the click of a button in their account area, as this may be too complex as this not only causes issues or checks for third party extensions but may cause issues for third party data processors (i.e. mailchimp integration or cloud accounts solutions, shipping...etc), all of which may require admin to handle the deletion request (or to make non-essential data anonymous. Would be great to get any feedback from anyone else who is looking into this? From the official EU sources, the deletion needs to be done in a timely manner which is less than one month, not seconds?

[tomekjordan]

Hi. according to the law, you should delete personal data on request, but orders completed and its data should stay in your database for accounting, taxes etc. I dont see any reason for removing it. Privacy law cannot cover other laws like tax laws. so stores should have still access to the data, only user account should be deleted or anonymized. I see this as deleting account by admin in Magento, it makes user account to be romoved, but all past orders are changed to guest made (or something). and its sufficient

[inluxc]

I agree @tomekjordan, but as Portugal you have to have an certified accounting software all the orders and tax have to go to that software has Magento is not a certified accounting software. So we have to anonymize or delete the customer info. I going to start an GDPR module, with the point's i have added on top. Most of them optional, so people can activate and deactivate them as needed. Open-Sourced of course.

[stevensagaar]

@tomekjordan and @jaimiedijstra - you don’t need to remove any order data, just need to anonymise customer data from orders, invoices, shipments and credit memos. Rest of the data can stay in Magento for tax purposes for example order number, tax, shipping, product information, order total etc. Hope it clarifies!

[sreichel]

Closing this. Out of scope - at least for now.