GDPR and Click and drop Compliance
On 25 may new data protection rules come into force
Will a method to delete all date relating to one of out clients
so we can comply to the new tights and specifically
Right to be forgotten: An individual can request that an organisation remove all personal data they hold without delay.
Dan Austin commented
In regards to GDPR, there are 6 different "Reasons" for holding someone's personal data, and what rights both parties involved have, regarding said data.
Thankfully, this data would fall under the "Contract" type, meaning that the information is a requirement in order for you to complete a contract that both parties have entered into.
This is not the same as the "Consent" type, which is the major one we're all getting worried about. Information obtained under "Consent" gives the individual the right to be forgotten etc.
More info on the Contract definition here:
I advise reading the entire documentation on GDPR from the ICO, takes a little brain power to process it all, but it's not actually as bad as we all thought. You just need to prep ahead of time and get your justifications in writing before 25 May.
Hope this was helpful!
name and address are personal data
Even IP address is counted as Personnel Data
Dependent on context.
I.e its is when used with google analytic
but not in server log
Ron Taylor commented
I have been delaying looking into this, so better get started
Would name and address be classed as personal data that has to be removed?
From an e-commerce point of view do we not have an obligation to maintain invoice records which would contain names and address. We would not be able to remove that data from invoices surely?