Make your business CCPA/GDPR compliant using NetSuite

CCPA (California Consumer Privacy Act) and GDPR (General Data Protection Regulation) are statutes that allow consumers more protection and control over their data. CCPA defines personal information as follows: “Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.”

The term ‘personal data’ is the entryway to the application of the General Data Protection Regulation (GDPR). When the processing of data encroaches on personal data, the General Data Protection Regulation applies. Personal data is comprised of any information which is related to an identified or identifiable natural person. Violators of GDPR may be fined up to €20 million, or up to 4% of the annual worldwide turnover of the preceding financial year, whichever is greater.

Companies must ensure that their websites are compliant with these statues. GDPR requires companies that collect personal data on their websites to first ask for consent. If an infringement of customer information occurs on a website or a breach of security is not reported correctly, organizations could risk steep financial and legal penalties.

NetSuite provides native mass updates for personal information removal. The mass update can be configured to remove information from specific fields and records, and also system information entries. Companies can decide which fields and records contain personally identifiable information in their account. Websites can ensure CCPA and GDPR compliance by adding an online case form specific to personal information removal. Once a support case is created, a support rep can run the mass update, confirm that personal information has been removed, and respond to the customer through the support case, creating a record that the personal information removal request has been completed.

How to set up personal information removal in NetSuite:

• Before any personal information can be removed, the feature needs to be enabled in NetSuite
• To do so, navigate to Setup > Company > Setup Tasks > Enable Features (Administrator)

• On the SuiteCloud subtab, check the Remove Personal Information box, and review the SuiteCloud Terms of Service, if necessary
• Click Save

• Next, navigate to Lists > Mass Update > Remove Personal Information

• In the New PI Removal Request field, select the record type as Contact
• Check the History and Fields box
• Enter the customer name and select all records and fields from which information needs to be removed

• Information for multiple customers can be selected using the same process
• Hit Save
• In order to prevent information removal requests created by mistake, the user has to confirm the request on the Personal Information Removal Requests page

• Once the request has been confirmed by the user, a script runs to remove the selected personal information and the status shows Complete
• Navigate back to the customer record to confirm removal of personal information

• In addition to personal information, this action also removes all system information from the audit trail

If you want to ensure that your website is CCPA and GDPR compliant, schedule a consultation with the 79Consulting ecommerce team to implement personal information removal requests.