I'm interested to know as well. Let's say we apply this to ecommerce, and the user wants to be forgotten then what? You cannot delete order for sure.
One option is to decouple personal information with non personal information. In this case, it will become like your example I guess. We can see that the order was placed by user xyz but will see no personal information associated with that user. It gets trickier with information that you cannot delete, for example ip address, shipping and payment information. You obviously need these information for various things including future dispute if any.
Good thought! Would that fall under the exception in Article 17a, where the data is still needed in relation to the purpose for which it was collected? gdpr-info.eu/art-17-gdpr/
For further actions, you may consider blocking this person and/or reporting abuse
We're a place where coders share, stay up-to-date and grow their careers.
I'm interested to know as well. Let's say we apply this to ecommerce, and the user wants to be forgotten then what? You cannot delete order for sure.
One option is to decouple personal information with non personal information. In this case, it will become like your example I guess. We can see that the order was placed by user xyz but will see no personal information associated with that user. It gets trickier with information that you cannot delete, for example ip address, shipping and payment information. You obviously need these information for various things including future dispute if any.
Good thought! Would that fall under the exception in Article 17a, where the data is still needed in relation to the purpose for which it was collected? gdpr-info.eu/art-17-gdpr/