Re: Mandatory GDPR Webhook Response

aycaataer · ‎06-28-2022

Hello,

We are developing a public app solution for Shopify marketplace. We have been checking mandatory GDPR webhooks and have a question:

As I understood from GDPR webhooks technical requirements, it seems we are only supposed to gather these requests and return 200 to show we successfully received the request in scope of subscribing into GDPR webhooks. Could someone confirm that there is no technical requirements on returning a response once related data removed from our platform? Are we also required to return a response when we successfully deleted data? or that process only between us and the merchant after that time?

I am trying to understand technical requirements for public app solutions and respond webhook part sounded little bit vague.

Thanks for help.

InfiniteCom · ‎06-28-2022

Your understanding is correct, that is how we understood it too.

In summary:

- Validate the request

- Return. 200 OK

- Remove the data within 30 days unless required by law to keep it

There is no other end points to call later for confirming deleting the data

Imagine editing your product and variant images on your local drive in realtime.
Checkout InfiniteSync Image Upload / Export and sync with you local or online drive

Did we answer your question? if yes, please like and/or accept the solution

View solution in original post

InfiniteCom · ‎06-28-2022