I know I can do it directly in SQL, but I'm wondering if there is a way of doing it in code.

Hi,

There is no builtin function to delete old users (IIRC then you can't even delete users, let alone do it in batch. You can delete contacts, but not users). If your purpose of doing that would be performance, then upgrading to latest version will yield much better return on investment.

If you do it for GDPR compliance then it can be much trickier. I'd suggest to contact our develop support for that.

It's not really a problem, but I like to keep a clean system :)

Those 20 million users consume about 11 GB of storage in the database, and it feels a bit wasteful to keep all those anonymous users when they aren't used for anything (users never log in to the commerce part of the site, so there should hopefully not be any personal information connected to those users (the shipping info should only be stored on the cart/purchase order)).

Hi Quan,

For GDPR purposes, how would you recommend deleting users to keep in line with the right to be forgotten?

I'm not an GDPR expert - far from it - but what I understand is that you can just delete that contact and that should be enough. The orders are "financial contracts" and therefore are exempted from GDPR rules. But again don't take my words for granted.

Thanks a lot. Will investigate a bit further, but it's already a good lead. have a gr8 friday!

Financial records are (at least in Sweden and Denmark) regulated by different laws which override GDPR. In Sweden you must keep the financial records for 7 years, and in Denmark 5 years, so you are legally obligated to keep those records for that amount of time.

An important thing a lot of people forget is that they also have to erase personal information from log files, which means that if a customers sends a "Right to be Forgotten", you have to erase their information from log4net (or other logging solution) logs as well.

I use Serilog for most of our logging (logging to a database), and tag each entry with something I can use to find the log entries with (such as an order number, or an e-mail address), and then finding log entries to remove is quite easily done.

Thanks for the extra info Patrick. Will keep that in mind. have a good one!

Hi again guys,

UserManager<>.Delete(user) works fine. Contact is succesfully deleted from the cms.

However, i am using CustomerContext.CurrentContact.DeleteCustomerContactOnly(); to delete contact from the commerce db, but nothing seems to happen.

Is there something that I am missing regarding deleting users from commerce?

Regards,

Rui Vaz

I would suggest to go with DeleteWithAllDependents. It only deletes contact-related information (billing address, etc.) It does not delete the orders associated 

That was the first one i tried. Nothing happened either :/ i suppose i am missing something. not sure what tho.

It does not delete the users, it deletes the current contact. If you go to this 

and the contact disappears then it worked

Thanks!

Yes i am aware. But contact doesn't disappear from that table :) Maybe I have to log out user after deleting? I know that a user is created in the commerce db upon first login. Maybe if he's still logged in after deletion he is recreated?

Do you have a feature that allows customers to delete their own contact information? 

It seems to me this is a cache problem. Does it disappear if you IIS reset? If you actually looked into db then ... is there anything in log?

Hi Quan.

Yes i am. Goal is to be in compliance with GDPR right to be forgotten. Do you suggest a different approach?

I can confirm that if i sign out user after deleting it from commerce, it is removed from the commerce db.