Frag-Einen

Ask a lawyer on the topic of Data protection law

Do I have to provide information to my customers about their stored data?

Dear data protection lawyer,

I am Tina Ratzberg and I run a small online shop where I sell handmade products. Lately, some of my customers have started asking for information about the data stored by me. I am unsure if I am obligated to provide this information and what data I am allowed to disclose.

Currently, I store the contact details of my customers as well as their order history in order to organize the shipping of their products and to inform them about new products. I also have a privacy policy on my website where I explain data storage and processing.

My concern is that I may face legal consequences if I am unable to provide customers with the requested information. At the same time, I want to ensure that I comply with data protection regulations and do not disclose sensitive data.

Could you please explain to me if I am obligated to provide my customers with information about their stored data? If so, what data am I allowed to disclose and what data protection measures should I take to ensure I am legally compliant?

Thank you in advance for your help and support.

Sincerely,
Tina Ratzberg

Andrea Schlattmann

Dear Tina Ratzberg,

Thank you for your question regarding the obligation of your customers to provide information about the data stored in your online shop. It is understandable that you are uncertain and need clarity about your legal obligations. As a lawyer specializing in data protection law, I am happy to provide you with a detailed answer.

In general, your customers have a right to information according to the General Data Protection Regulation (GDPR). This means that you are obligated to inform your customers upon request about the personal data you have stored about them, the purpose for which this data is processed, and to whom it may be disclosed. Customers also have the right to have incorrect data corrected or deleted.

The data you store, such as customer contact information and order history, are typically personal data according to the GDPR. Therefore, you must provide your customers with information about this data upon request. It is important that the information is clear, understandable, and provided free of charge. However, you must not disclose sensitive data such as health information or political opinions unless customers have expressly consented.

To ensure that you comply with data protection regulations, I recommend taking the following measures:

1. Update your privacy policy: Make sure that your privacy policy contains all the necessary information required by the GDPR, including the type of data collected, the purpose of data processing, storage duration, and customer rights.

2. Document data processing: Maintain a record of processing activities documenting all data processing processes in your online shop.

3. Ensure data security: Implement appropriate technical and organizational measures to ensure the security of stored data, such as encryption or regular security audits.

4. Employee training: Raise awareness among your employees about data protection and provide training on handling personal data.

By taking these measures and transparently informing your customers about their stored data, you can ensure that you are legally compliant and adhere to data protection regulations.

I hope this detailed answer has been helpful to you. If you have any further questions, please feel free to contact me.

Best regards,

Andrea Schlattmann
Lawyer specializing in data protection law
