This article is written in collaboration with a law agency. However, it is intended for general information purposes only. It does not constitute a client-attorney relationship or personalized legal advice.
GDPR grants data subjects the right to have their data deleted only if certain conditions are met:
- The data is not needed for the purpose for which it was gathered;
- The basis for processing was consent and the data subject withdraws it;
- Data processing was not lawful;
- There is a legal obligation for erasure.
This means your customers do have the right to request deletion of their WordPress account along with all personal data (e.g. Billing and Shipping Address) that’s tied to their account (technically, this is usually stored in the wp_usermeta database table).
Obviously, if you need the data to fulfil an order, you cannot delete it before you fulfil it.
In addition to that, most EU countries have a legal obligation to store invoices for a certain time period for accounting purposes. This period varies from country to country. This means that you might need to keep the orders, but delete or anonymize everything else. (Technically, the order data is usually stored in a different database table anyway, namely wp_postmeta.) Orders aren’t the same as invoices, of course, so if you keep both, you might be taking a tiny little business risk. For maximum safety, consult with a lawyer.
One special case we are aware of is Estonia. As of 2018 in Estonia, small invoices are not required to contain more information than the invoice number and purchase details. Under GDPR this translates into “you must anonymize your invoices.” Obviously, there are a bunch of exceptions for this. (We’re writing a longer post on this topic – stay tuned.)
So make sure you understand your local laws!
Note: if your WooCommerce store doesn’t have user accounts and is linked to a 3rd-party ERP or accounting system and order details are sent there, you might wish to delete orders from WooCommerce after they have been paid for or completed. This will, of course, break refund functionality. However, from a data safety perspective, it might make sense to do so even if you have legal grounds for storing the data.