Shopify Is Not GDPR Compliant?

New Member
3 0 0

Has anyone in Europe been successful in deleting all customer data when they have been requested to?

I have had a customer request this. These are the guidelines set out by the Information Commissioners Office in the UK (

  • The UK GDPR introduces a right for individuals to have personal data erased.
  • The right to erasure is also known as ‘the right to be forgotten’.
  • Individuals can make a request for erasure verbally or in writing.
  • You have one month to respond to a request.

I have tried to delete a customer's account, but it says I can't because:

"The selected customer can't be deleted because they have placed an order."

So I have tried to "Erase Customers Personal Data" as suggested in the Shopify guide:

However, it informed me:


This is 6 months after requesting the erasure, even though as previously mentioned GDPR rules state that it must be deleted in one month.

I have chatted with "Bill" from Shopify support, who is now wanting to continue with this issue via email, as there seems no way to do this any quicker if the customer has placed orders.

This is a legal requirement for us in Europe. If we can't do it, we are open to fines and prosecution.

Surely someone has been able to delete a customer, who has previously placed and order, within one month?

If you have, can you let me know what you did?

If no one has, do we have a "showstopper" to using Shopify as an ecommerce platform in Europe?

Shopify Partner
102 15 17

That seems reasonable , but you can ask shopify to override it

By default, Shopify will not erase personal data if the customer has made an order in the last 6 months (180 days), in case a chargeback occurs. If a request for erasure is submitted in that time frame, then it will sit pending, and Shopify will action it once the appropriate time has passed. You do not need to submit another request.

If you would like to override this time delay (regardless of the risk of chargeback), then email Shopify at