Are responses required after data deletion for GDPR webhooks?

aycaataer · June 28, 2022, 3:04pm

Hello,

We are developing a public app solution for Shopify marketplace. We have been checking mandatory GDPR webhooks and have a question:

As I understood from GDPR webhooks technical requirements, it seems we are only supposed to gather these requests and return 200 to show we successfully received the request in scope of subscribing into GDPR webhooks. Could someone confirm that there is no technical requirements on returning a response once related data removed from our platform? Are we also required to return a response when we successfully deleted data? or that process only between us and the merchant after that time?

I am trying to understand technical requirements for public app solutions and respond webhook part sounded little bit vague.

Thanks for help.

InfiniteCom · June 29, 2022, 12:24am

Your understanding is correct, that is how we understood it too.

In summary:

Validate the request
Return. 200 OK
Remove the data within 30 days unless required by law to keep it

There is no other end points to call later for confirming deleting the data

aycaataer · June 29, 2022, 8:53am

Thank you, I really appreciate your answer

Topic		Replies	Views
Why am I not receiving GDPR webhooks from my data deletion requests? Shopify Apps shopify-apps	0	1	February 8, 2024
Compliance Webhooks Technical Q&A javascript	1	57	October 3, 2024
Customers/data_request: how the webhook information is processed Shopify Apps	0	10	February 25, 2021
Customers / data_request: cómo se procesa la información del webhook Apps de Shopify webhooks	0	36	February 25, 2021
Customers/data_request: how the webhook information is processed Apps de Shopify webhooks	0	6	February 25, 2021

Are responses required after data deletion for GDPR webhooks?

Related topics