Please note that this article does NOT constitute legal advice.

This article discusses how the Infosys Equinox 8 platform supports compliance with the European Union’s GDPR.

Overview

The European Union’s General Data Protection Regulation (GDPR) is designed to pass the balance of power back to the individual in how their personal data is processed.

Infosys Equinox 8 includes key features to help businesses address GDPR requirements across relevant commerce processes and operations. The capabilities included in Infosys Equinox 8 for GDPR support are consent management, personal data management, and reporting.

Consent Management – to meet the GDPR regulations, consent must be freely given, specific, informed and unambiguous. Infosys Equinox 8 enables users to give informed consent through clearly worded and easy- to-understand opt-ins — and consent is acquired for specific purposes. It is not a catch- all for all current and future processing of customer data. Infosys Equinox 8 offers better transparency and customer engagement by allowing users to grant consent for their personal data to be captured and processed within the platform.
Customer Account Closure/Freeze – GDPR requires that users be granted the right to be forgotten and have a right to restriction of processing of their personal data. Infosys Equinox 8 allows users to close or freeze their accounts using self-service or through customer service representatives.
Personal Data Reporting Under GDPR – users should have a right of access to their personal data. Infosys Equinox 8 allows users to generate personal data reports that can be downloaded from within their accounts.

Consent Management in Infosys Equinox 8

The Consent Management feature offers better transparency and customer engagement, by allowing users to grant consent for their personal data to be captured and processed in Infosys Equinox Commerce 8. This feature covers both anonymous user (Guest) and registered user (Customer) consent management. Anonymous users or Guests can manage the consent of their anonymous user data which is associated to their personal customer data when they register an account. Registered users or Customers can manage the consent of their personal customer data throughout their Infosys Equinox Commerce 8 journeys and then update (grant or revoke) consent in the My Account area of their user accounts.

Guest/Anonymous User Consent allows a guest/anonymous user to give or revoke consent to be tracked through a browser cookie
My Account / Consent Management allows a customer/registered user to have a view of all their consents given or revoked and the ability to change them

Acquiring Guest/Anonymous User Consent

The screenshot below is an example of clear and unambiguous consent capture of a guest user on the Infosys Equinox reference storefront.

Consent Management in User Account Settings

The reference storefront implementation of allowing a user to enable/disable consent settings for various opt-ins very clearly is shown below.

Customer Account Closure/Freeze in Infosys Equinox 8

Infosys Equinox Commerce 8 allows customers to close (delete) or freeze their accounts at any time using self-service through their user accounts or through a customer service representative. For example, this can be done using the new Freeze My Account or Delete My Account options within the My Account section.

When a customer triggers the deletion of their account, the following process executes:

Deletion of Customer Data – the customer’s personal data such as their address book, payment information, order, and cart data is deleted from Infosys Equinox 8
Personal Data Audit Logs – the personal data audit logs associated with a customer are deleted once all personal customer data is deleted

Deleting/Freezing User Account through My Account Options

As shown in the screenshot below, customers can request that their personal data not be processed through the Freeze my account option or they can request that their data be erased and the account closed through the Delete my account option. Both options are available under Privacy Settings in the My Account section of the reference storefront.

Customer Service Representative (CSR) Options to Delete/Freeze User Accounts

Users also have the option of contacting a business’ Customer Service team to ask for their accounts to be closed or temporarily restricted for processing personal data. The Infosys Equinox 8 admin console screenshot below shows how a CSR can freeze or delete a customer’s account.

Personal Data Reporting in Infosys Equinox 8

As shown in the screenshot below, customers can export a copy of their personal data through the Export my personal data information option under Privacy Settings in the My Account section of the reference storefront.

Developer Resources for GDPR Compliance

Customers’ personal data is collected in the following microservices for relevant objects:

Customer (Customer Profile)
Personal details (Name, Email, Phone)
Shipping Addresses
Consent Settings
Order (Order data)
Payment (Payment methods)

Retrieval and Processing of Personal Data

Personal data collected for the above objects in various microservices can be retrieved and processed in Infosys Equinox 8. Data can be retrieved and processed to support GDPR requirements for a customer’s right to access personal data, right to be forgotten or their right to restriction of processing of their personal data. Data can be accessed and processed through the following service endpoints:

Customer Profile Data: Get Customer Profile
Customer Address Book: Get All Addresses for a Customer
Customer Payment Methods: Get Customer’s Payment Methods
Customer Cart Data: Get Customer Cart
Customer Order Data: Get Customer Orders
Delete Customer Profile: Delete a Customer
Delete Customer Cart: Delete Customer Cart
Delete Customer Payment Method: Delete Customer Payment
Delete Customer Address: Delete Customer Address