Processing GDPR Deletion Requests

Under GDPR, customers have the right to request deletion of their personal data. When you receive a request — by email, in person, or through any channel — you have 30 days to comply. Log the request immediately in POS > Customers > GDPR > Log Request with the date received, the customer identity, and the channel through which the request was made.

Find the customer in your database. Click GDPR > Delete Data. The system removes all personal identifiers — name, phone number, email address, and notes. Transaction records are anonymised: the sale amount, date, and products remain but the customer link is severed. This preserves your financial records for tax purposes while removing personal data.

After deletion, the system generates a confirmation record with a timestamp and the processing staff member. Send confirmation to the customer that their data has been deleted. The deletion itself is logged in the compliance audit trail — recording that a deletion occurred, when, and by whom, without storing the deleted data.