How to process GDPR webhook customers/data_request

user072319 · ‎12-14-2019

Hello there,

Can anyone please explain how to implement webhook customers/data_request? In customers-data_request documentation its mentioned that

It's your responsibility to provide this data to the store owner directly.

When I clicked REQUEST CUSTOMER DATA from dashboard customer section, I got an email to store owner's email with information like customer, order etc with downloadable csv file links.

So while processing this webhook request what should I do?

Visely-Team · ‎12-14-2019

Do you have a public app that is storing any of the PII information in your database/your servers? If no, there is nothing to be done. If yes, then you most probably already subscribed to some webhooks from this list - https://help.shopify.com/en/api/reference/events/webhook. GDPR web hooks are no different.

Once you receive the 'customers/data_request' message you have to send the store owner the information for the requested user and you can either automate this, or do it manually through email.

Sergiu Svinarciuc | CTO @ visely.io
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution!
- To learn more about the awesome stuff we do head over to visely.io or our blog

user072319 · ‎12-16-2019

@Visely-Team Yes, I'm storing customer and order details. When I clicked on REQUEST CUSTOMER DATA, I already got an email in the store owner email. So do I need to send the details again?

Visely-Team · ‎12-16-2019

The data you see being sent are Personal Identifiable Information (PII) related to the customer that Shopify stores on its side. Each third party app must send their own records on the customer to the store owner.

Sergiu Svinarciuc | CTO @ visely.io
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution!
- To learn more about the awesome stuff we do head over to visely.io or our blog

vadymds · ‎06-04-2020

Couldn't you describe in what way should I return the requested data?

From this article: https://shopify.dev/concepts/trust-and-security/gdpr#customers-redact
`It's your responsibility to provide this data to the store owner directly`

Is it mean I should send an email to the store owner with a prepared response or just return the data in the webhook?

Thank you.

Visely-Team · ‎06-04-2020

@vadymds you should provide the merchant with all the data you have on record for the customer that requested the data. It's the merchant responsibility to pass that information further. You don't have to send anything in response for the webhook.

Sergiu Svinarciuc | CTO @ visely.io
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution!
- To learn more about the awesome stuff we do head over to visely.io or our blog

vadymds · ‎06-04-2020

Thank you for your quick response!

I appreciate it!

Have a nice day!

GregSmithRR · ‎09-20-2022

Would be great if the GDPR webhook docs would just say this. Feels weird to always have to come to the community forums to get clarification. Thanks for the info!

tinyemail · ‎04-30-2021

We use Shopify API to fetch customers data in our application. When we receive 'customers/data_request' how can we identify merchant email to be notified?, when by oauth flow

we got only accesstoken no other information.

Thank you.

Amichay · ‎08-23-2022

You are able to identify the merchant email by querying the shop endpoint: https://shopify.dev/api/admin-rest/2022-07/resources/shop

bloodyalbatross · ‎11-07-2022

But how do I query the shop in the webhook? I need a session to access that resource, but I don't have a session inside of the webhook. `

await Shopify.Utils.loadOfflineSession(shop_domain)` returns `undefined`.