How to process GDPR webhook customers/data_request

user072319
Excursionist
80 0 7

Hello there,

Can anyone please explain how to implement webhook customers/data_request? In customers-data_request documentation its mentioned that

It's your responsibility to provide this data to the store owner directly.

When I clicked REQUEST CUSTOMER DATA from dashboard customer section, I got an email to store owner's email with information like customer, order etc with downloadable csv file links.

So while processing this webhook request what should I do?

0 Likes
Visely-Team
Shopify Partner
1838 210 439

Do you have a public app that is storing any of the PII information in your database/your servers? If no, there is nothing to be done. If yes, then you most probably already subscribed to some webhooks from this list - https://help.shopify.com/en/api/reference/events/webhook. GDPR web hooks are no different.

 

Once you receive the 'customers/data_request' message you have to send the store owner the information for the requested user and you can either automate this, or do it manually through email.

Sergiu Svinarciuc | CTO @ visely.io
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution!
- To learn more about the awesome stuff we do head over to visely.io or our blog
0 Likes
user072319
Excursionist
80 0 7

@Visely-Team Yes, I'm storing customer and order details. When I clicked on REQUEST CUSTOMER DATA, I already got an email in the store owner email. So do I need to send the details again? 

0 Likes
Visely-Team
Shopify Partner
1838 210 439

The data you see being sent are Personal Identifiable Information (PII) related to the customer that Shopify stores on its side. Each third party app must send their own records on the customer to the store owner.

Sergiu Svinarciuc | CTO @ visely.io
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution!
- To learn more about the awesome stuff we do head over to visely.io or our blog
0 Likes
vadymds
Shopify Partner
3 0 0

Couldn't you describe in what way should I return the requested data?

 

From this article: https://shopify.dev/concepts/trust-and-security/gdpr#customers-redact
`It's your responsibility to provide this data to the store owner directly`

Is it mean I should send an email to the store owner with a prepared response or just return the data in the webhook?

 

Thank you.

0 Likes
Visely-Team
Shopify Partner
1838 210 439

@vadymds you should provide the merchant with all the data you have on record for the customer that requested the data. It's the merchant responsibility to pass that information further. You don't have to send anything in response for the webhook.

Sergiu Svinarciuc | CTO @ visely.io
- Was my reply helpful? Click Like to let me know!
- Was your question answered? Mark it as an Accepted Solution!
- To learn more about the awesome stuff we do head over to visely.io or our blog
vadymds
Shopify Partner
3 0 0

Thank you for your quick response!

I appreciate it!

Have a nice day!

0 Likes
tinyemail
New Member
2 0 1

We use Shopify API to fetch customers data in our application. When we receive 'customers/data_request' how can we identify merchant email to be notified?, when by oauth flow

we got only accesstoken no other information.

 

Thank you.