As you may already know, GDPR (The General Data Protection Regulation) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU).
What GDPR requires you to do is to inform all your website visitors and clients what information you collect about them. As most of our PHP scripts collect such data, it’s important for you to update your website and inform your clients why you collect information about them and how you store it. Furthermore, you need to provide an easy way for your clients to request that their data be removed. And here is the tricky part!
First, let me explain how our scripts work in general. Let's take a booking engine for example, where your customers fill in their personal details in a reservation form to make a booking. These details are processed by the script and stored in a MySQL database. All the data is processed on your server and is stored there too. In general, you should be able to see all of a client’s data when you log in to your script administration page and view the details for the reservation: the client’s name, email, phone, etc.; the IP address used when the reservation was made; and of course the actual reservation data (date, time, place, item, etc.). Pretty much the same principle applies to the other scripts: e-commerce, content management, polls & voting, etc.
GDPR requires you to allow your visitors to delete their personal details if they wish. But how would you delete a reservation and lose its details? It just does not make sense! So if a customer asks for this data to be deleted, you have two options:
1) delete the whole reservation
2) delete the customer details from the reservation but keep the reservation details
You can imagine that with option 1) you will lose all details about a particular reservation and hence your booking engine will not work correctly, for example showing an item as available while it’s booked. So we really do not advise you to do this. With option 2) you can just edit a reservation and replace the customer details with some dummy data. This way the booking engine will function correctly, but again you will not have information about your client and the reservation they made. So in both cases the data removal will cause you trouble.
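The difference between the two options at the database level, as an added example that is not code from our scripts. The table and column names, the `erased_at` marker column, the two helper functions and the sample rows are assumptions made up for illustration, and an in-memory SQLite database stands in for the script's MySQL database so the example runs offline.

```php
<?php
// Added example. Hypothetical schema: a real script's table and column names will differ.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE reservations (
    id INTEGER PRIMARY KEY, item_id INTEGER, date_from TEXT, date_to TEXT,
    c_name TEXT, c_email TEXT, c_phone TEXT, ip TEXT, erased_at TEXT)');

// Constructed sample rows: two bookings of the same item.
$ins = $db->prepare('INSERT INTO reservations
    (id, item_id, date_from, date_to, c_name, c_email, c_phone, ip)
    VALUES (?, ?, ?, ?, ?, ?, ?, ?)');
$ins->execute([1, 7, '2018-06-01', '2018-06-05', 'Jane Doe', 'jane@example.com', '555-0100', '203.0.113.9']);
$ins->execute([2, 7, '2018-06-10', '2018-06-12', 'John Roe', 'john@example.com', '555-0101', '198.51.100.4']);

// Option 2: overwrite every personal field (the stored IP address included)
// with dummy data and keep the booking row itself.
function erasePersonalData(PDO $db, int $reservationId): int
{
    $stmt = $db->prepare("UPDATE reservations
        SET c_name = 'Erased', c_email = 'erased@example.invalid',
            c_phone = '', ip = '', erased_at = :ts
        WHERE id = :id AND erased_at IS NULL");
    $stmt->execute([':ts' => gmdate('Y-m-d H:i:s'), ':id' => $reservationId]);
    return $stmt->rowCount(); // 0 means unknown id or already erased
}

// Availability check: the item is free only if no stored booking overlaps the range.
function isAvailable(PDO $db, int $itemId, string $from, string $to): bool
{
    $stmt = $db->prepare('SELECT COUNT(*) FROM reservations
        WHERE item_id = ? AND date_from < ? AND date_to > ?');
    $stmt->execute([$itemId, $to, $from]);
    return (int) $stmt->fetchColumn() === 0;
}

// Option 2 on reservation 1: the personal data is gone, the dates still block the item.
var_dump(erasePersonalData($db, 1));
var_dump(isAvailable($db, 7, '2018-06-02', '2018-06-04'));

// Option 1 on reservation 2: the row is gone, so the engine offers those dates again.
$db->exec('DELETE FROM reservations WHERE id = 2');
var_dump(isAvailable($db, 7, '2018-06-10', '2018-06-12'));
```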
Of course, you may have requests from customers who purchased in the past to delete their data. If we set aside the fact that PHP scripts which have Reports functionality will no longer show correct results, you can just go to the script admin panel and delete that data. As there is no backup for the data (unless you make one manually), once a reservation is deleted from the database, all of the client’s data is also deleted. However, we strongly believe that this should be an entirely manual process so you can decide which data to delete!
Our advice is to make it clear on your website (not just in the script):
- what data you collect about your clients
- why you collect their personal details and why it’s important to have them - track past bookings/orders; make changes to current bookings/orders; etc.
- how they can request data to be removed - you can automate the process by creating a simple form using our Contact Form script.
And if someone wants you to delete the data, you just log in to the script admin panel and delete it.
In conclusion, if you make it transparent to your clients, there is nothing to worry about. Hopefully, the bureaucrats who invented this GDPR will soon reconsider it, as it only causes trouble for all online businesses!