Data retention

As part of getting the site GDPR ready, our organization is responsible for creating any plans or documents that detail how long the site retains any personal data that is collected. WebSphere Commerce does not provide any functionality for creating a retention plan.

WebSphere Commerce does provide functionality that our organization can use to delete data from the database when our organization no longer needs the data or when you need to directly erase data. Your organization is responsible for erasing any collected personal data that is retained within your system when the data is no longer needed. Your organization is responsible for determining the data retention period for specific personal data types. For instance, order history data might need be retained while any return policies or warranties are in effect. Order the data might also need to be retained for a specific period for auditing and other business purposes. After the retention period elapses and the data is no longer needed, we can erase the data.

To help our organization delete data when that data is no longer needed, WebSphere Commerce provides a database cleanup utility. Your organization can run the utility on a schedule to erase personal data that is no longer needed. This utility is configured by default to delete some types of data based on parameters that we can configure when you run the utility. If the site collects more personal data than can be collected with the sample store pages and features provided with WebSphere Commerce, we can configure the utility to erase the additional data.

By default, WebSphere Commerce is configured to store data within only the WebSphere Commerce database. The Database Cleanup utility can remove data from only this database. If you store data in another database or location, we are responsible for developing a method to remove data from that database or location.

If you need to directly erase personal data from the WebSphere Commerce database, such as when a user submits a request for their data to be erased, we can customize and use SQL statements to erase the data. See SQL statements: Right to erasure.

• Database Cleanup utility
  The Database Cleanup utility provides you with the ability to delete data from the database. Run the utility periodically to remove any collected personal data that is no longer needed for the site.

• Database Cleanup utility objects
  Review the list of all data that the Database Cleanup utility supports removing from the database by default. The SQL statements used to remove the data is listed.

• Organization Administration Console
  Define any additional tables and columns that the Database Cleanup utility needs to remove data from when the utility runs. If you need to delete different types of personal data or delete data under different conditions that the conditions that are configured by default, we can add the appropriate custom SQL statements. If the site collects any personal data in addition to the data that can be collected by the pages and functions that WebSphere Commerce provides by default, configure the utility to erase your additional data when the data is no longer needed.

Related concepts
General Data Protection Regulation (GDPR) and WebSphere Commerce