GDPR - Deletion of old customer records

Problem reported by Charline Hurst 4 years ago

Hi

In line with new GDPR legislation we are obliged to delete old customer information over a certain age, however this does not seem possible in clearbooks if they have ever had any transactions.

Please advise, as this is a legal requirement by 25/05/18

Thanks

7 Replies

Hi Charline,

You will find that all contact information can be deleted bar the Customer/Supplier name, allowing all sensitive data to be removed from the system. The Contact name is the only mandatory field and is used to link invoices/bills to the entity within the system allowing reporting facilities to function.

For this reason, contacts cannot be deleted once a transaction has been allocated to them, even if that transaction is then deleted at a future date.

I would suggest removing all sensitive data and then archiving any contacts that you no longer do business with or exceed a certain age.

this would be a very time consuming process , have to say not v impressed

Hi Charline - I agree, assuming you keep the data for the 7ish years required by HMRC for your own accounting, if there's no longer any need to hold it, you must be able to delete it, and, as processor, CB should provide a facility to do this.

Theo, can you check this (with Ruth?) - the company's GDPR announcements cover it's own responsibility over our (user's) own data but I'm not sure there's been any announcement over how it acts as our processor, ie enabling us to comply with our own GDPR obligations as controllers.

Having said that, Charline, you could edit the contact (and any additional contacts) and change the name to ZZ001, ZZ002 etc, remove email addresses etc and archive them, that way their names will not appear anywhere in the system?

Editing the customer records would be a massively time consuming task. Is Clearbooks going to provide a discount to customers who have to do this?

If you use Clearbooks for your own accounting how are you remaining compliant if you can not delete your own data? (Eat your own dog food)

Plus HMRC is able to go back through records up to 6 years. If the records are available they can go back further. Why keep more data than we need to that could help them take an investigation long into the past?

It is also surely going to help Clearbooks since you wont need to store as much data.

If you allow the deletion based on entire accounting periods you can simply manage the accounts via "open balances" at the start of each period.

Afternoon Gents,

Your concerns have been acknowledged. A more sophisticated method of contact management is being considered by our development team to assist with client data protection compliance.

Identifying these clients is now easier with the recent update to the Contact report, now including "Date created" & "Last transaction date" fields. https://secure.clearbooks.co.uk/community/news/21775/improvement-contact-report-now-includes-date-created-last-transaction-date-fields

As more information becomes available I will be sure to update you.

Just for info, and to keep the pressure up, Sageone provide the ability to delete personal data without deleting the transactions and Pandle are soon to provide it.

Reply to this problem

Attach images by dragging and dropping or upload
 

Your comments will be public and can be answered by anyone in the Clear Books community.

Find out what we do and who we are