Allen Snook for WooCommerce:
In addition to clearer notices and privacy policies, the GDPR also gives EU residents powerful new rights such as the Right of Access, Right to Rectification, and Right to Erasure.
That means that EU residents will be able to:
- Demand a copy of all the data you have about them.
- Demand any errors in the data be corrected.
- Request the removal of all personal data.
The GDPR also gives EU residents the right to find out if their personal data has been compromised. Stores will need to notify customers if their personal data is stolen in a breach, and do so in a timely manner.
Organizations need to be able to respond to a common request: Please delete everything related to my account.
Protecting personal information requires coordination and configuration. GDPR bounds the organization’s user relationship and lays out reasonable data stewardship reforms. Organizations must document their entire data portfolio. All databases, analytics, and logs with personal info need auditing. Initial first steps include reducing personal information collected and anonymizing IP addresses in server logs.