TL;DR
This guide explains how to handle a user’s request to delete their billing information under the General Data Protection Regulation (GDPR), often called the ‘Right to be Forgotten’. It covers identifying data, securely deleting it, and confirming completion.
1. Understanding the Request
- Verify Identity: Before doing anything, make absolutely sure you’re dealing with the actual person requesting the deletion. Use your existing identity verification processes (e.g., email confirmation to a registered address, multi-factor authentication).
- Scope of Request: Clarify exactly what billing data they want removed. Is it everything? Just certain payment methods? Specific invoices? Get this in writing (email is fine).
- Legal Timeframe: GDPR generally requires you to respond within one month. Keep a record of the request date and your actions.
2. Identifying Billing Data
Billing data can be spread across several systems. You need to find it all.
- Databases: Check your main customer database for billing addresses, payment details (even if tokenised), and invoice history.
- Payment Gateways: Your payment processor (e.g., Stripe, PayPal) will hold transaction data. You may need to request deletion from them directly – see their documentation.
- Accounting Software: Systems like Xero or QuickBooks will store invoices and potentially customer billing details.
- CRM Systems: Your Customer Relationship Management (CRM) might contain copies of billing information.
- Logs & Backups: Don’t forget logs (e.g., web server access logs) and backups! These often hold historical data.
3. Secure Data Deletion
Simply deleting records isn’t enough. You need to ensure the data is unrecoverable.
- Database Deletion: Use SQL DELETE statements, but be careful: a DELETE with a wrong or missing WHERE clause removes far more than the one customer’s records. Always test on a development environment first.
DELETE FROM invoices WHERE customer_id = '12345';
- Tokenisation Considerations: If you use tokenised payment data, understand whether the token can still link back to the user. You may need to request token deletion from your provider.
- Payment Gateway Deletion: Follow the specific instructions provided by your payment gateway.
  - Stripe Example: Use the Stripe API to delete customer objects and associated payment methods. See the Stripe documentation for details.
  - PayPal Example: Use the PayPal API or their resolution centre to request data removal.
- Log Sanitisation: Anonymise or delete billing information from logs where possible. Be aware of legal retention requirements for financial records.
- Backup Management: Ensure deleted data is also removed from backups within a reasonable timeframe, and check that a later restore from an older backup does not quietly reintroduce it. Overwrite old backups if necessary.
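A careful, audited database deletion of the kind described above, as an added example that is not part of the original guide: it assumes a SQLite database with hypothetical `invoices`, `payment_methods` and `deletion_audit` tables (constructed here), scopes every DELETE by customer_id, verifies the row counts before committing, and writes the audit records the next section asks for inside the same transaction.

```python
import sqlite3
from datetime import datetime, timezone

# Constructed sample schema and rows for the demo (hypothetical; not from the guide).
SCHEMA = """
CREATE TABLE invoices (id INTEGER PRIMARY KEY, customer_id TEXT, amount_cents INTEGER, billing_address TEXT);
CREATE TABLE payment_methods (id INTEGER PRIMARY KEY, customer_id TEXT, provider_token TEXT);
CREATE TABLE deletion_audit (id INTEGER PRIMARY KEY, customer_id TEXT, table_name TEXT,
                             rows_deleted INTEGER, deleted_at TEXT);
"""
# Tables holding billing data: a fixed allow-list, never user-supplied names.
BILLING_TABLES = ("invoices", "payment_methods")


def open_sample_db():
    # isolation_level=None: BEGIN/COMMIT/ROLLBACK are issued explicitly below.
    conn = sqlite3.connect(":memory:", isolation_level=None)
    # SQLite-specific: zero freed pages so deleted rows do not linger in the file.
    conn.execute("PRAGMA secure_delete = ON")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO invoices (customer_id, amount_cents, billing_address) VALUES (?, ?, ?)",
                     [("12345", 1999, "1 Example St"), ("12345", 4999, "1 Example St"),
                      ("67890", 999, "2 Other Rd")])
    conn.executemany("INSERT INTO payment_methods (customer_id, provider_token) VALUES (?, ?)",
                     [("12345", "tok_constructed_a"), ("67890", "tok_constructed_b")])
    return conn


def delete_customer_billing(conn, customer_id):
    """Delete one customer's billing rows atomically, verify the result, and record one audit
    row per table. Returns {table: rows_deleted}; any mismatch rolls everything back."""
    deleted_at = datetime.now(timezone.utc).isoformat()
    deleted = {}
    conn.execute("BEGIN")
    try:
        for table in BILLING_TABLES:
            count_sql = f"SELECT COUNT(*) FROM {table} WHERE customer_id = ?"
            expected = conn.execute(count_sql, (customer_id,)).fetchone()[0]
            # Always scoped by customer_id: an unscoped DELETE would wipe every customer.
            cur = conn.execute(f"DELETE FROM {table} WHERE customer_id = ?", (customer_id,))
            remaining = conn.execute(count_sql, (customer_id,)).fetchone()[0]
            if cur.rowcount != expected or remaining != 0:
                raise RuntimeError(f"{table}: expected {expected} deleted, got {cur.rowcount}, {remaining} left")
            conn.execute("INSERT INTO deletion_audit (customer_id, table_name, rows_deleted, deleted_at) "
                         "VALUES (?, ?, ?, ?)", (customer_id, table, cur.rowcount, deleted_at))
            deleted[table] = cur.rowcount
        conn.execute("COMMIT")
    except Exception:
        conn.execute("ROLLBACK")
        raise
    return deleted
```

Running it against a dev copy first, as the guide advises, shows the per-table counts you would then quote in the confirmation email.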
4. Confirmation and Documentation
Prove you’ve complied with the request.
- Confirmation Email: Send the user an email confirming that their billing data has been deleted, specifying what was removed and when.
- Record Keeping: Document everything! Keep a record of:
  - The original request date
  - Verification steps taken
  - Data identified and deleted
  - Deletion dates
  - Confirmation email sent
- Audit Trail: Maintain an audit trail of all data deletion activities for compliance purposes.
5. Important Considerations
- Data Retention Policies: Review your overall data retention policies to minimise the amount of billing data you store in the first place.
- Legal Advice: If you’re unsure about any aspect of GDPR compliance, consult with a legal professional specialising in data protection.