Hi, just going through a GDPR related data audit at work surrounding personal data and Linnworks has cropped up as it stores 'personal data' e.g. names/addresses/emails etc. In particular, it is the archive stuff like orders/emails and if anyone were to exercise their right to erasure (not the group) meaning that anything we held on them would have to be deleted. Obviously, transactional data up to 7 years old can be justified as needing to be stored but past that point, there is no reason to store them. I can't see a way of deleting archived despatch emails and orders and wonder if this will be an issue?
We have indeed reviewed the new regulations and at the moment we are not planning to implement any functionality to allow users to remove buyer data from the system, as it may cause issues with the data stored within our database. We hold the customer contact data for the purposes of retaining historical order data that may be required for accounting purposes, as well as for reporting to the HMRC.
Please also keep in mind that all the information on your Linnworks orders is directly linked to the data that is present on your sales channels, which is one of the reasons why this data may not be removed. The order data that is present in Linnworks is only available to us and the selling channel as the data processor, and to yourself as the data controller.
Also note that under the right to erasure, if amending any personal information in Linnworks will be required, we will be able to do that on your behalf from our end, however, it would need to be carefully defined, what actual data needs to be removed, and what it needs to be replaced with in order to ensure data integrity.