EU data privacy regulations have for many years given the public the right to request a copy of all the data an organization holds on them. The organization was allowed to charge a reasonable fee for this service, typically £10 in the UK or a similar amount in Euros. The nominal fee was in most cases not enough to cover the real cost of providing the data, but was at least a deterrent to spurious and unnecessary requests.

However, the GDPR requires that organizations provide the full data held on an individual free of charge, and within 28 days. This aspect may in time be the most onerous on businesses, though at present it is not getting much attention. While there will undoubtedly be an increase in legitimate, well intentioned requests, it's also possible that requesting data could also become a practice to test or inconvenience companies that consumers may have a dispute or disagreement with. Regardless, the company is compelled to respond.

To make this process as simple as possible from Kartris, we've created a data export button on the customer edit page. If a member of the public requests data, you can extract this from Kartris by simply finding the users record in Kartris with an email search, and then using the 'GDPR export' button.

This will format a plain text file containing all data linked to that email address:

• Customer data
• Street address records
• Details of all orders, including the items purchased in each
• Copies of all reviews submitted by the user
• All wishlists created by the user
• All saved baskets created by the user
• All support tickets created by the user, including full thread discussion

The data is formatted in a fairly raw state, with the database field name (in square brackets) followed by the value. This is to ensure that the user receives the full set of data and no fields are emitted.