GDPR Customer Data Export and Deletion

Under GDPR, customers have the right to request a copy of all data you hold about them. Go to POS > Customers, find the customer, and click GDPR > Export Data. The system generates a JSON file containing their profile, transaction history, loyalty points, and any notes. Download and send it to the customer. The request and fulfilment are logged in the compliance audit trail.

Customers can also request deletion of their data. Go to the customer profile and click GDPR > Delete Data. The system removes personal identifiers — name, phone, email — from all records. Transaction data is anonymised rather than deleted, so your financial records remain intact for tax compliance. The deletion is irreversible and logged with a timestamp.

When you add a customer, the system records what they consented to — marketing messages, loyalty tracking, data retention. You can update consent status at any time in the customer profile. Only send marketing communications to customers who have explicitly opted in. The consent log shows the date and method of each consent decision.

The GDPR Dashboard under Settings > Privacy shows total data requests received, average fulfilment time, and consent breakdown. This helps you demonstrate compliance if audited. AskBiz targets fulfilment within 72 hours — well within the GDPR 30-day requirement.