GDPR for osCommerce – shop side

June 2, 2018

This is a continuation post; please also see “GDPR for osCommerce part 1”.

In the previous post we talked about allowing the shopowner to get consent from customers and saw an easy way to get that consent. In this post I’m going to look at providing a mechanism on the Shop Side to allow the customer to:

  1. See his data
  2. Download his data
  3. Delete his account

1. Allowing the Customer to see his Data

There is a new gdpr page, which is modular; this means we can easily add in new modules with no code changes. There are a bunch of “Display” modules for this page, as follows:


Just some text, which can be changed by shopowner to more appropriate words.

Personal Details

Customer’s personal details. Notice the delete buttons by gender and dob; these delete the data with no page reload.

Contact Details

Customer’s contact details, including the account’s main address.

Extra Addresses

If the customer has additional addresses, these show here and are able to be deleted (without page reload).

Site Details

These details are not created by the customer, but by the site.

Site Actions

Certain actions are recorded in standard osCommerce. We added two more in the previous post.

IP Addresses

You may think you do not collect IP addresses. I *assure* you that in certain circumstances you do! And IP addresses are personally identifiable data. These IP addresses can be deleted by the customer.


Reviews can be anonymized and/or deleted by the customer (both without a page reload).


This is not personal data exactly, but it’s simple enough to show the details so why not.

In your Cart

Again, not personal data, but we show it anyway.

Product Notifications

Let’s show the customer which products he has signed up to receive notifications for.

Cookie Details

All the cookies that your site has written to the customer show here. The only essential one is osCsid, so if you write others, the customer can delete them.

2. Download Data

Lastly, there is a very special module that allows the Customer to download all of his data in one shot to a portable file.

Download My Data

Clicking this button invokes the download.
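
One way to build a one-shot export like this, as an added example that is not the module's own code: it assumes table and column names from a stock osCommerce 2.3 schema and runs on constructed data in an in-memory SQLite database. `gdpr_export` and `GDPR_EXPORT_MAP` are hypothetical names.

```php
<?php
// Added example, not the module's code. Table and column names are assumed
// to match a stock osCommerce 2.3 schema; adjust the map to your install.
const GDPR_EXPORT_MAP = [
    // table => [customer-id column, columns withheld from the export]
    'customers'    => ['customers_id', ['customers_password']],
    'address_book' => ['customers_id', []],
    'reviews'      => ['customers_id', []],
    'whos_online'  => ['customer_id', []], // holds ip_address
];

function gdpr_export(PDO $db, int $customerId): string
{
    $export = [];
    foreach (GDPR_EXPORT_MAP as $table => [$idColumn, $withheld]) {
        // Identifiers come only from the constant map, never from the
        // request; the customer id is always a bound parameter.
        $stmt = $db->prepare("SELECT * FROM $table WHERE $idColumn = ?");
        $stmt->execute([$customerId]);
        $export[$table] = [];
        foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
            // Drop secrets such as the password hash from the download.
            $export[$table][] = array_diff_key($row, array_flip($withheld));
        }
    }
    return json_encode($export, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
foreach ([
    "CREATE TABLE customers (customers_id INT, customers_email_address TEXT, customers_password TEXT)",
    "CREATE TABLE address_book (customers_id INT, entry_street_address TEXT)",
    "CREATE TABLE reviews (customers_id INT, customers_name TEXT)",
    "CREATE TABLE whos_online (customer_id INT, ip_address TEXT)",
    "INSERT INTO customers VALUES (1, 'alice@example.com', 'hash-a'), (2, 'bob@example.com', 'hash-b')",
    "INSERT INTO address_book VALUES (1, '1 Example Street'), (2, '2 Sample Road')",
    "INSERT INTO whos_online VALUES (1, '192.0.2.10'), (2, '198.51.100.7')",
] as $sql) {
    $db->exec($sql);
}

// In the shop, take the id from the logged-in session, never from the URL
// or a form field, so one customer cannot request another's data.
echo gdpr_export($db, 1), PHP_EOL;
```

The output contains only customer 1's rows, with the password hash removed and the recorded IP address included.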

3. Delete Account

This is a special GDPR module that interacts with the account.php page to add a new link.

You can also see a link to the actual Display page as well.

Clicking the “delete” link leads to a page where the customer can self-delete his account. This deletes everything except for Order Data.

4. Other Modules

Email Popup

I created a nice email popup for create_account.php which explains what the shopowner does with the potential customers.

Other Display Modules

There are a couple of other “Display” modules, but I’ll cover those in a future post as they are for other pieces of software that only 28d (28 Days Of Code, 2018) buyers have.


Let’s allow the customer to see, download and (if he wants to) delete his account…

I believe that in the run-up to May 25th everyone was over-worried about GDPR. Since the 25th I have had two requests for Data, one of which was fake and out to cause trouble. But if you have a big shop with 1000s of customers, the use of these easy scripts may save you 10s or 100s of hours of work in collating customer data.
