Hi Craig, hi all,
I have a question about how to remove or anonymize customers data.
Let’s say my site’s T&Cs state that we will retain our customer data for x years.
So x years pass and I need to remove or anonymize (replace them with let’s say *) customers PIIs (Personally identifiable information).
I’m guessing it needs to be done somewhere in the database. Can you give me a tip on how to filter the customer data and safely remove/anonymize them?
Ideally for both M1 & M2.
This is still something that I’ve not fully implemented into my projects yet. It seems like a task that would be very labour intensive (as technically this would be a daily task as opposed to monthly or annually). I can’t speak for M1 but what I can say is that Amasty and Aheadworks both do a GDPR extension, which I will likely choose at some point. My personal reasons are:
- They’re both Magento Partners (so it’s in their interest to do a good job)
- I’ve had a positive experience with their support teams
- They’ve started integrating their other modules with GDPR
- I use modules by both developers, which reinforces my third point
Notice: Shilly GDPR links will be removed, unless left by a user with a “member” status. (Posts like these tend to invite spammy links to products and services.)
But to answer your question, yes you’d have to look into the Database if you wanted to do this yourself. However, the task might be more complex that you imagine based on Unique Keys and linked data. Screwing around with the database still makes my heart skip a beat today due to the unknown collateral it may cause. I can’t give you any more advice on this though as it’s not something I’ve looked into doing by hand. I’d rather pay for a solution and let them worry about making it work.
I use the Amnasy’s GDPR module for M1 but you see it doen’t give you possibilities of filtering customers data by date and anonimising them in bulk.
Customers can donload their own data, request them to be anonimised but any store should clearly state in its policy why and for how long it will retain the PII and after the period the data should be errased or annonimised.
The modules you mentioned are helpfull but they won’t do everything.
If you find out a way how to anonimise the PII please let me know.
Amnesty gdpr module description below:
- Comply with the EU’s GDPR and various legislative requirements
- Manage customer consents on the gird
- Allow customers to download, anonymize or request to delete personal data
I didn’t realise. I haven’t examined then in great depth. Should probably be higher on my TODO list. I’ll try to remember to update my post if I learn more.
Great. Thank you very much.
You see this can cost a shop owner a bit of money if don’t comply with the legislation or ignore the GDPR policy. From what I remember up to up to €20 million, or 4% annual global turnover.
I know that €20 million is an extreme but even £5k-£20k would hurt a small company.
Some time ago I tried to dig into DB and I modified some records in customers tables but I gave up. I need to know what I’m doing.
Customers full names, email addresses, billing, and posting addresses need to be anonimised.
Regards & have a good weekend.
I’m guessing you had no time to look at how to remove PII from Magento.
You see Amazon Web Services have implemented a compliance policy for all third-party integrated applications to remove all PII (Personally Identifiable Information) obtained directly from Amazon 30 days after dispatch. This is serous now. I amy ask guys from M2E Pro they may help becouse their integration pulls PIIs to magento. I’m guessing the eBay will do the same shortely and regardles whether a saler trades on marketplaces or not he still needs to remove or anonimise the PIIs after some time.
Can you please look at it when you find some time?
Woah, 30 Days is a bit over-the-top to data anonymity.
I checked in with aheadWorks and Amasty to see when they would add the features required to:
- Anonymise in bulk
- Auto anonymise based on time-scales
However, they wouldn’t commit to any dates. So, we shouldn’t expect anything from them anytime soon.
You’re definitely going to need some sort of PHP script to accomplish the aforementioned points. As you’re probably aware, there are lots of Tables that make up the DB… So, you can’t just go in and delete records or that could have a catastrophic cascading effect. So, you’ll need to implement logic that knows what data is linked to what, which will also randomly generate Name, Email, Phone, Address, etc…
It might be worth having a look at these 3 links. They appear promising, but I haven’t looked in much detail:
- A current GDPR Module on the market that might be worth looking at is GDPR by BSS.
- And these two projects look like they’re trying to solve the problem too, but appear to be in development still so use at your own risk: