Data retention
WebSphere Commerce does provide functionality that your organization can use to delete data from your database when your organization no longer needs the data or when you need to directly erase data. Your organization is responsible for erasing any collected personal data that is retained within your system when the data is no longer needed. Your organization is responsible for determining the data retention period for specific personal data types. For instance, order history data might need be retained while any return policies or warranties are in effect. Order the data might also need to be retained for a specific period for auditing and other business purposes. After the retention period elapses and the data is no longer needed, you can erase the data.
To help your organization delete data when that data is no longer needed, WebSphere Commerce provides a database cleanup utility. Your organization can run the utility on a schedule to erase personal data that is no longer needed. This utility is configured by default to delete some types of data based on parameters that you can configure when you run the utility. If your site collects more personal data than can be collected with the sample store pages and features that are provided with WebSphere Commerce, you can configure the utility to erase the additional data.
By default, WebSphere Commerce is configured to store data within only the WebSphere Commerce database. The Database Cleanup utility can remove data from only this database. If you store data in another database or location, you are responsible for developing a method to remove data from that database or location.
If you need to directly erase personal data from the WebSphere Commerce database, such as when a user submits a request for their data to be erased, you can customize and use SQL statements to erase the data. For more information, see SQL statements: Right to erasure.