We have published an article to help you understand WooCommerce’s GDPR compliance requirements. As you probably know by now, if your customers include citizens of the EU, you are bound to adhere to the guidelines specified in the GDPR. With their latest updates, WordPress and WooCommerce have added features to help their users comply with these regulations more easily. In this article, we will look into some of the latest WooCommerce GDPR features that will help your store prepare for and execute the guidelines better.
The latest updates, WordPress 4.9.6 and WooCommerce 3.4.1, have features that help you comply with these requirements with fewer hassles.
To comply with the “Right to Access”
According to the GDPR, your users can demand access to the information stored on your server. It is important to be able to retrieve this data when you receive a request from a user. Let’s see what specific options WordPress and WooCommerce have in this regard.
Exporting the personal data of users
The latest version of WordPress comes with an option to export the personal data associated with a user’s email ID to an HTML file.
It will help you add:
- Personal data from user meta/ user data to personal data export
- Personal data from comments to personal data export
- Attachments to the personal data export file
And, it will also help you package personal data into a file.
In addition, WooCommerce makes the following data available for export:
- The address and account information of a customer.
- Orders linked to a specific email ID.
- Download permissions and logs associated with the specific email address.
Managing the export of personal data
On your WordPress navigation panel, you will find the new settings to Export Personal Data (Tools > Export Personal Data).
When you click Export Personal Data, you will find a new screen where you can request a particular user’s data to be exported.
When you enter the email ID of the user, the export process is initiated. However, one challenge here is to verify that the request from the user is authentic. For this, WordPress sends a verification email to that ID for confirmation. At this time, the status of the request will be ‘Pending’ and in the Next steps column you will see ‘Waiting for confirmation’.
At the same time, the user will receive a mail to verify the request.
The user has to click the link that they find in the email.
Once the user clicks the link to verify, they will see a screen like below:
Now, on your WordPress Admin dashboard, you will see the status has changed for the user who has verified.
Sending the data to the user
When you click the Email Data button, WordPress sends a mail to the user with a link to the file containing their personal data. And, you will see that the Status and Next steps columns have changed to ‘Confirmed’ and ‘Email sent’ respectively.
The user will receive an email that will look like the below screenshot.
When they click the link, an HTML file is downloaded, which looks like the below screenshot:
Now, the button has changed to ‘Remove Request’, which will simply remove the request to export personal data.
And, if this is a WooCommerce customer, the file will look like this:
The site admin can manually download the personal data file by hovering the cursor over the requester’s email ID and clicking the ‘Download personal data’ option.
Erasing the data of a user
Just like the data access request, a user can ask you to delete their data. The new WordPress and WooCommerce versions have options for that too.
Navigate to Tools > Erase Personal Data.
The verification process is similar to what you have seen above.
However, for a WooCommerce store, you may need to keep some information of your users for tax and other legal compliance aspects. For this, WooCommerce has provided a few options from which you can choose.
You can find these options at WooCommerce > Settings > Accounts & Privacy.
If you manually delete a user, their addresses, payment tokens and orders are removed as well; the orders are converted to guest orders. You can also choose the ‘Remove personal data’ option from the bulk action drop-down to make an order anonymous.
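The export list above and the retain-or-erase choice in this section are both driven by the same WordPress 4.9.6 hooks, `wp_privacy_personal_data_exporters` and `wp_privacy_personal_data_erasers`, which WooCommerce uses to add its own data to the tools. As an added example (not code from WordPress or WooCommerce), a hypothetical plugin registers both; the `example_loyalty_*` meta keys and all labels are assumptions.

```php
<?php
// Added example, not WordPress's or WooCommerce's own code: a hypothetical plugin that
// stores loyalty data in user meta hooks into the WordPress 4.9.6 privacy tools so that
// Tools > Export Personal Data and Tools > Erase Personal Data cover its data as well.
// The 'example_loyalty_*' meta keys and all labels are assumptions.
add_filter( 'wp_privacy_personal_data_exporters', function ( $exporters ) {
    $exporters['example-loyalty'] = array(
        'exporter_friendly_name' => 'Example Loyalty Plugin',
        'callback'               => 'example_loyalty_exporter',
    );
    return $exporters;
} );
// Exporter: called per page until 'done' is true; groups become sections of the exported HTML file.
function example_loyalty_exporter( $email_address, $page = 1 ) {
    $user = get_user_by( 'email', $email_address );
    $data = array();
    if ( $user ) {
        $data[] = array(
            'group_id'    => 'example-loyalty',
            'group_label' => 'Loyalty Programme',
            'item_id'     => 'loyalty-' . $user->ID,
            'data'        => array(
                array( 'name' => 'Points balance', 'value' => (int) get_user_meta( $user->ID, 'example_loyalty_points', true ) ),
                array( 'name' => 'Joined on', 'value' => get_user_meta( $user->ID, 'example_loyalty_joined', true ) ),
            ),
        );
    }
    return array( 'data' => $data, 'done' => true );
}
add_filter( 'wp_privacy_personal_data_erasers', function ( $erasers ) {
    $erasers['example-loyalty'] = array(
        'eraser_friendly_name' => 'Example Loyalty Plugin',
        'callback'             => 'example_loyalty_eraser',
    );
    return $erasers;
} );
// Eraser: delete what may be deleted and report what is retained, the pattern WooCommerce
// follows for order data it must keep for tax or legal reasons.
function example_loyalty_eraser( $email_address, $page = 1 ) {
    $user = get_user_by( 'email', $email_address );
    if ( ! $user ) {
        return array( 'items_removed' => false, 'items_retained' => false, 'messages' => array(), 'done' => true );
    }
    $removed = delete_user_meta( $user->ID, 'example_loyalty_joined' );
    // Assumed policy: the points ledger is kept for accounting, so the report says so.
    return array(
        'items_removed'  => (bool) $removed, 'items_retained' => true,
        'messages'       => array( 'Loyalty points ledger retained for accounting records.' ), 'done' => true,
    );
}
```

Once registered, the plugin’s section appears in the downloaded HTML file, and the retained-items message is shown to the admin on the Erase Personal Data screen after the request is processed.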
Here is an article that talks more about WooCommerce user management, if you are looking for some actionable tips.
Setting a timeline for data retention
One of the clever strategies you can adopt to ensure GDPR compliance is to reduce the time you retain personal data that you no longer need. WooCommerce provides good options to deal with this too. Go to WooCommerce > Settings > Accounts & Privacy to set the time periods for these settings.
You can clear canceled, failed, and pending orders after a specified time. You can periodically clear completed orders too; they become anonymous, so your sales statistics won’t be affected. Similarly, you can delete inactive accounts, which have never been logged into or have not placed any orders.
You may find some useful tips for WooCommerce order management here.
Customizing Checkout fields
Furthermore, you can reduce the amount of private data you collect by customizing the checkout fields.
Go to Appearance > Customize > WooCommerce and change the display options of the optional fields. You will find an option to keep optional fields hidden.
Also, you can add a snippet of your Privacy Policy, along with a link to the policy page, on your checkout page.
You can also change the text of the Terms and conditions checkbox.
You will find options to change both of these from the Accounts & Privacy tab too.
If you want to know more about customizing WooCommerce checkout fields, here is an article that can help you.
Assistance in creating your Privacy Policy Page
The new versions of WordPress and WooCommerce help you in creating a privacy policy as well. You can find this on your WordPress navigation panel – Settings > Privacy.
Here you can click the Create New button to add a new page for your Privacy Policy. WooCommerce adds some helpful content to this page to help you start on the policy. In fact, it will prompt you to fill in the details that must be included to comply with the GDPR.
WooCommerce has also made changes not to keep any unnecessary personal information in log files.
Conclusion
Overall, the latest updates of WordPress and WooCommerce provide you with quite a lot of handy options to ensure GDPR compliance. These options can be really helpful for online store owners who are overwhelmed by the requirements of the GDPR. The new features help store owners honour the right to access and the right to erasure for their customers. And, there is a sound process to verify the authenticity of any data access or erasure request. Moreover, you will find help to reduce the amount of data collected as well as to determine the time period for data retention. We hope this article has helped you understand the latest WooCommerce GDPR features that will help you comply with the regulations better.