Reply to post: Re: Commercial relationship?

Consent, datasets and avoiding a visit from the information commissioner

Doctor Syntax Silver badge

Re: Commercial relationship?

> For a one-off purchase, there is no legal reason to keep details of the customer, and the old practice of requiring that someone set up an account before being able to buy something will no longer be tenable.

That's also not strictly true.

You may need to retain the customer's details (in the form of your invoice) for tax purposes. GDPR provides for this with Section 6(1)(c) Compliance with a Legal Obligation.

That's rather a different situation than insisting on the customer set up an account with a login ID and password and hold all sorts of information against it "so as to make your purchases easier next time". It's liable to mean that they want to hold payment methods such as card number/expiry date/security number. The card number might reasonably be held as long as the distance selling cooling off period. If I only want a one-off purchase I don't want any of it held longer than the length of time it takes to go through. As to the user name and password making hypothetical repeat purchases easier it's quite easy, and preferable, to enter my name and address again as opposed to either setting up a unique set of credentials and then looking them up again or of giving some generic credentials which will be usable elsewhere should their site leak.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon