Photo: free stock photography (Unsplash licence) — see imprint
Know where personal data actually lives
Not just the customer table. The order export on someone's laptop, the backup from 2021, the support inbox, the analytics tool, the newsletter provider. You cannot protect or delete data you have not located.
Deletion must be a function, not a favour
When a customer asks to be deleted, that must be a button someone can press — including in the systems the shop syncs into. If deletion means 'a developer writes a SQL statement', it will not happen reliably.
Consent before the script runs
A cookie banner that loads the tracking script before the click is decoration. Load nothing until consent exists — this is a technical implementation detail that decides whether the banner means anything at all.
Keep the boring paperwork with the boring systems
Every external service that touches customer data needs a processor agreement, and you should be able to list them in one minute. If nobody can name all of them, that is the finding — not the paperwork.
- Locate every copy of personal data, including exports.
- Deletion has to be a button, not a favour.
- No script loads before consent exists.
We do this for a living — Shopware, Node.js, React, ERP integration and automation for B2B.
Talk to an engineer