Drugstores: destroying customer data
A drugstore processes more sensitive data than you might think at first glance. Customer and loyalty data, health-related purchases and self-care advice, passport photos and photo printing, receipts on thermal paper and camera footage pass through the shop every day. Some of it falls under the tax retention obligation, some of it is sensitive and should be kept as briefly as possible. This guide shows, part by part, what you keep, when it may go and how to destroy it confidentially.
In short, you keep loyalty and customer data as long as the membership runs and the customer is active. The financial administration falls under the seven-year tax retention obligation. Health-related profiles, passport photos and photo files you clear out as soon as possible after delivery. What may go disappears confidentially and with a certificate.
Ordinary and sensitive data
At a drugstore two kinds of data run together. Ordinary customer data such as a name, an address or a webshop order belongs to normal business operations. Alongside this, sensitive information arises the moment a purchase or a piece of advice says something about a customer's health. A single receipt says little, but a profile that links purchases to a person can paint a picture of a condition or a treatment. That calls for extra restraint.
So treat the data per type. Loyalty data has a different status than a passport photo or a note about a self-care question. If you make that distinction, you keep exactly what is needed and clear out the rest on time. The GDPR does not ask you to keep everything just in case, but to keep data no longer than the purpose justifies.
Retention periods by part
The period differs per type of data. The overview below gives the main line. Count the tax period from the end of the financial year and the other periods from the moment the purpose has been met.
| Part | Starting point | Period |
|---|---|---|
| Financial administration and invoicing | Tax retention obligation | 7 years |
| Customer and loyalty data | As long as the membership runs | purpose-bound |
| Health-related purchases and advice | Sensitive, storage limitation | as briefly as possible |
| Passport photos and photo files | Until delivery and payment | purpose-bound |
| Receipts on thermal paper | No customer retention duty | clear out at once |
| Camera footage | GDPR, around 4 weeks | about 4 weeks |
Use this as a guideline, not as a substitute for an assessment of your own situation. When in doubt, consult your privacy adviser. The tax side and further periods are covered in the GDPR retention periods cheatsheet and in how long you keep documents.
Health-related purchases and self-care advice
Self-care advice at the counter, a question about a product or a purchase that points to a condition can reveal health data, and that is special-category personal data. A drugstore is not a pharmacy and usually keeps no medical file, but the moment you record such information in a customer profile or on paper a stricter regime applies. Keep that information recognisably separate, use it only for what it is meant for and keep it as briefly as possible.
Where a pharmacy does have long statutory periods for medication files, a drugstore usually has no such ground. Keeping it to come in handy one day is not a valid reason. Whatever you no longer need you clear out confidentially so that it does not fall into the wrong hands.
Passport photos and photo printing
Many drugstores offer a passport photo and photo printing service. A passport photo is a portrait and falls under portrait rights, and the associated files and prints are personal data. Keep passport photos and photo files only as long as needed to deliver the order. After delivery and the payment period you clear them out, both the prints and the digital files on the photo kiosk or the server. If you want to keep photos longer for a reorder, for example, that requires consent and a clear period.
Do not forget the physical side. Misprints, proof prints and returned orders contain recognisable portraits and do not belong with the ordinary paper bin. Collect them separately and have them destroyed confidentially along with the rest.
Receipts on thermal paper and camera footage
Receipts on thermal paper look innocuous, but a receipt can show part of a card number, a time or a health-related purchase. You have no retention duty for the customer receipt, so leftover or returned receipts you clear out rather than letting them lie around. More on this paper type is in thermal paper, receipts and boarding passes.
A drugstore often mounts cameras against shoplifting. Camera footage is personal data and you assign it a short retention period, as a rule around four weeks. After that you wipe or destroy the footage. An old recorder or hard drive from the camera system belongs with the data carriers you have destroyed confidentially, because a reset does not make the data irrecoverable.
How to handle it in 6 steps
- Split the data into administration, loyalty, health-related, photos and camera footage.
- Limit sensitive information to what you really need.
- Treat health and photo data separately and clear it out once the purpose is met.
- Keep the financial administration for seven years.
- Collect what may go in sealed containers, not in the paper bin.
- Have it destroyed confidentially with a certificate and record it in your register.
Destroy confidentially with a certificate
Customer data is destroyed confidentially, because it can contain loyalty, health, photo and payment data. The paper and any data carriers travel sealed and stay that way until destruction, so the chain is closed. An old till, photo kiosk or camera recorder with customer data belongs with it too.
Afterwards you receive a certificate of destruction with the date, quantity and level. That certificate is your proof under the GDPR that you acted carefully. Record the destruction in your record of processing. We collect within 20 km of Amsterdam with no call-out charge, work nationwide through pooled collection rounds and charge a fixed price per box or roll container. Drop-off on site is not possible; collection is by appointment.
Customer data to be destroyed?
Tell us what you have and you get a fixed price. We collect it sealed, destroy it at the right DIN level and you receive a certificate for your GDPR file. No call-out charge within 20 km of Amsterdam.
Common mistakes
- Keeping loyalty data forever. Without an active membership the purpose lapses.
- Treating health-related profiles as ordinary data. Those need extra care.
- Leaving passport photos and photo files in place. After delivery you clear them out, digitally too.
- Throwing away unshredded. Customer data on the street is a reportable data breach.
- Keeping no proof. Without a certificate you cannot demonstrate the destruction.
Frequently asked questions
How long does a drugstore keep customer and loyalty data?
Loyalty data you keep as long as the customer is a member and the programme runs. After that you clear it out. The financial administration falls under the seven-year tax retention obligation. Other customer data you keep no longer than the purpose requires.
Are health-related purchases special-category personal data?
A single receipt says little, but a profile that links health-related purchases or self-care advice to a person can reveal health data. That is special-category personal data. Be restrained with it and keep such information as briefly as possible.
How long may I keep passport photos and photo files?
Only as long as needed to deliver the order. After delivery and the payment period you clear out passport photos and photo files, both the prints and the digital files. Keeping them longer for later use requires consent and a clear period.
How do I destroy customer data in line with the GDPR?
Confidentially and with a certificate of destruction. Paper and data carriers travel sealed and the destruction is recorded in the record of processing.
Conclusion
A drugstore works with customer, loyalty, health and photo data, from an innocuous receipt to a sensitive profile. Keep the financial administration for seven years, be restrained with health-related information and clear out passport photos, photo files and camera footage as soon as the purpose is met. What may go, you have destroyed confidentially with a certificate as proof. That way you meet the GDPR and protect your customers' data.
Read also: jewellers: destroying customer data and the WWFT, trade unions: destroying member data, trade associations: destroying member data and webshop: destroying customer data.
Have customer data collected? Request a quote via desnipperaar.nl. Within a few minutes you have a fixed price, including a certificate as proof.