Allen Snook for WooCommerce:

In addition to clearer notices and privacy policies, the GDPR also gives EU residents powerful new rights such as the Right of Access, Right to Rectification, and Right to Erasure.

That means that EU residents will be able to:

  • Demand a copy of all the data you have about them.
  • Demand any errors in the data be corrected.
  • Request the removal of all personal data.

The GDPR also gives EU residents the right to find out if their personal data has been compromised. Stores will need to notify customers if their personal data is stolen in a breach, and do so in a timely manner.

Organizations need to be able to respond to a common request: "Please delete everything related to my account."

Protecting personal information requires coordination and configuration. GDPR sets bounds on the organization's relationship with its users and lays out reasonable data stewardship reforms. Organizations must document their entire data portfolio. All databases, analytics, and logs with personal info need auditing. First steps include reducing the personal information collected and anonymizing IP addresses in server logs.
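One way to anonymize client addresses in server logs, as an added example that is not from WooCommerce or the quoted article. It assumes Combined Log Format with the client address as the first field, and the truncation widths (24 bits kept for IPv4, 48 for IPv6) and function names are choices made for this example.

```python
import ipaddress

# Assumed truncation widths (not from the page): keep 24 bits of an IPv4
# address and 48 bits of an IPv6 address, zero the remaining host bits.
V4_KEEP, V6_KEEP = 24, 48


def anonymize_ip(text):
    """Return text with host bits zeroed, or text unchanged if not an IP."""
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:
        return text  # hostname, "-", or malformed field: leave as logged
    # ::ffff:a.b.c.d carries an IPv4 client; mask it with the IPv4 rule,
    # otherwise the 48-bit IPv6 rule would wipe the whole IPv4 part.
    mapped = getattr(addr, "ipv4_mapped", None)
    if mapped is not None:
        return "::ffff:" + anonymize_ip(str(mapped))
    keep = V4_KEEP if addr.version == 4 else V6_KEEP
    host_bits = addr.max_prefixlen - keep
    # Shift the host bits out and back in as zeros; rebuilding from the
    # integer also drops any IPv6 zone identifier.
    return str(type(addr)((int(addr) >> host_bits) << host_bits))


def anonymize_line(line):
    """Mask the client address, assumed to be the first field of the line."""
    client, sep, rest = line.partition(" ")
    return anonymize_ip(client) + sep + rest


# Constructed sample lines in Combined Log Format (documentation addresses).
SAMPLE_LOG = [
    '203.0.113.77 - - [10/Oct/2024:13:55:36 +0000] "GET /cart HTTP/1.1" 200 2326',
    '2001:db8:85a3:8d3:1319:8a2e:370:7348 - - [10/Oct/2024:13:55:37 +0000] "GET / HTTP/1.1" 200 512',
    '::ffff:198.51.100.23 - - [10/Oct/2024:13:55:38 +0000] "POST /checkout HTTP/1.1" 302 0',
    'localhost - - [10/Oct/2024:13:55:39 +0000] "GET /health HTTP/1.1" 200 2',
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(anonymize_line(entry))
```

Only the leading field is masked here, so addresses that appear elsewhere in a line, such as a forwarded-for header added to the log format, need their own handling.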