Jump to content

Delete client: for data protection reasons


Recommended Posts

I have been using Blesta for many years (I've been storing up my feature requests for years too - sorry!) and I know that this topic comes up from time to time, however, I would like to give what I believe is a strong case as to why it should be allowed to delete clients.
Firstly, I realise that it is not possible to delete clients if they have an invoice or service attached and I believe that the reason for this is for accounting purposes in particular geographic locations (one of them being the UK it would seem). 
However, in the UK we also need to comply with Data Protection laws. This says that we must not retain personal data for longer than necessary. See here:
According to the above page, we are allowed to retain the data if required for tax returns and this will not be considered to be retained for longer than necessary. So far so good...but according to my research, HMRC says that you only need to keep your business income records (including sales invoices) for 5 years after the submission of the tax return:
Therefore, my feeling is that UK businesses should be removing the client records after 5 years of them ceasing the relationship with the business, thereby complying with the data protection act that says that you must not retain personal data for longer than necessary. This is how I interpret the law and in my opinion this makes a much stronger argument for the necessity to be able to fully delete client records from Blesta.

Also submitted to: https://requests.blesta.com/topic/delete-client-for-data-protection-reasons (posted here for awareness)

Link to comment
Share on other sites

  • 8 months later...
@Paul I am grateful to see Blesta looking to adhere to GDPR: https://dev.blesta.com/browse/CORE-2463 Thank you.
However, it is still important for Administrators to be able to delete old (redundant) client information, to comply with UK Data Protection Laws, which will still apply alongside GDPR.
Therefore, it seems an opportune time to incorporate the necessary features at the same time as CORE-2463, as there is overlap.
To that end, the way I see this implemented is as follows:
  • A Company setting called "Client cleanup".
  • In Client Cleanup setting; specify number of days to delete clients considered to be redundant. 0 = never, 1826 = 5 years.
  • You have a granular setting to select the Client Groups that the client cleanup will effect. This allows clients to be protected from deletion, if required for a particular purpose (that hasn't been considered). 
  • The client cleanup will be an automated task, run once a day.
  • The client cleanup will work on clients with the following conditions met: 1. Marked as inactive in Blesta (which the admin does manually), 2. Has no active services, 3. Their last invoice was closed X days ago (as per number of days set in Client cleanup setting), 4. In client group(s) X (as per client groups set in client cleanup setting).
For example, this is how I see it operating: 
You enable client cleanup by setting the company setting with the number of days that you want to cleanup redundant clients. eg. I set 1826 = 5 years (Blesta would ship with this setting disabled by default by having it set to 0).
You then choose the "Default" client group and this will mean that the client cleanup will look for clients in the Default client group -> for any that have been marked as inactive -> have no active services -> their last invoice was closed 1826 days ago.
It is debatable as to whether there is the requirement for the client to first be manually marked by the Admin as inactive. It doesn't matter either way, but could be a useful safeguard - comments on this?
This comment is duplicated at: https://requests.blesta.com/topic/delete-client-for-data-protection-reasons (posted here for awareness)
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...