|
|
|
|
|
|
by garciasn
1835 days ago
|
|
|
A company may store both customer data and order data and keep them under GDPR, because a particular customer provided it knowingly. The important piece is when a customer asks to be removed, the company must remove their customer data (e.g. their name and address) but the order information can remain orphaned in order to do analyses on revenue, orders, etc. The right to be forgotten is ONLY about customer data, not related anonymized identifiers that tie back to the previous customer's order history. |
|
|
Example: if you buy a lawnmower, the seller may he required to notify you of any safety recalls for many years (depending on location). GDPR does not change this requirement for saving personal contact data with the order data, even if the buyer later says “forget me”.