Webshop: safely destroying customer data and packing slips
A webshop feels like a digital business. Orders come in online, payment runs through a provider and the customer records sit in a system. Yet in almost every warehouse there is a surprising amount of paper with personal data. Packing slips, return labels, return forms, supplier invoices and printed complaints, each with names, addresses and order history. On top of that, the digital customer database grows every day, with data that one day needs cleaning up and partly destroying.
For a webshop that is no minor detail. You process the personal data of large numbers of consumers, and consumers in particular are alert to privacy. A data breach from a carelessly discarded packing slip costs not only a report to the data protection authority, but also trust and reviews. This article explains which data a webshop holds on paper and digitally, how long you keep it, where the biggest risks are and whether you are better off shredding yourself or having it collected.
Which data does a webshop hold?
The paper side of a webshop is often underestimated. The table below lists the most common documents, with the period that practically applies.
| Document | Retention period | Note |
|---|---|---|
| Packing slips and order confirmations | Short, until handled | Name, address, order |
| Return labels and return forms | Until handled plus warranty | Sometimes a reason or complaint |
| Financial records | 7 years (tax) | Part of the accounts |
| Supplier invoices | 7 years (tax) | Part of the accounts |
| Complaints and correspondence | No longer than needed | May contain special data |
| Copy of ID (business customer) | As per legal basis | Especially sensitive |
A detailed overview per document type is in the retention periods cheatsheet. The main rule is simple. What falls under your accounts you keep for 7 years; loose packing slips and labels you keep no longer than needed for handling and warranty.
The return process: the biggest data breach risk
The biggest privacy pitfall of a webshop is in the returns flow. Return boxes are reused, and a reused box sometimes still holds the packing slip of a previous customer. If that box is shipped again, customer B receives the name, address and order of customer A. That is a data breach, however small.
In addition, return forms with complaints, sometimes about a medical product or a sensitive purchase, end up on a pile at the returns desk. Without a fixed route such a pile ends up in the bin or with the waste paper, unshredded and legible to anyone. A fixed procedure prevents that. Check every return box for leftover packing slips and collect loose documents in a locked bin for destruction.
What the GDPR requires of a webshop
Article 32 of the GDPR requires appropriate technical and organisational measures to protect personal data. That duty applies until a document is illegible. Throwing it out unshredded is therefore a reportable data breach, and with structural carelessness the data protection authority can impose a fine. How destruction fits the wider GDPR picture for SMEs is in GDPR requirements for SMEs and the general guide destroying confidential documents.
For a webshop the scale matters. You do not process a handful of files a year but hundreds or thousands of orders a month. That makes a structured destruction route no luxury but a necessity.
Destroy yourself or have it collected?
For a webshop with daily returns the paper piles up fast. The choice between shredding yourself and having it collected breaks down into clear pros and cons.
Yourself with an office shredder
- Pro: immediate and without an appointment for a few packing slips a day.
- Pro: no external party needed for small quantities.
- Con: slow at volume, the device jams during peaks after the high season.
- Con: a cheap shredder often does not reach a high DIN level for sensitive data.
- Con: no certificate, so no proof towards the data protection authority.
Have it collected and destroyed
- Pro: fast with boxes at a time, to the right DIN level.
- Pro: a certificate of destruction for your GDPR file.
- Pro: paper and data carriers arranged in one go.
- Con: you plan a collection, although that can be periodic and fixed.
The cost side with worked examples is in what does archive destruction cost. For most growing webshops, once there are a few boxes at a time, having it collected is faster and cheaper than shredding yourself.
Periodic or one-off collection?
Do you have a one-off clear-out, for example when moving the warehouse? Then a one-off collection is enough. If you produce return paper structurally, a fixed frequency is handier. You then plan a collection each quarter, for example, or you place a locked bin that is emptied periodically. The trade-off between incidental and structural is in recurring versus one-off destruction.
A real-world example
Take a fashion webshop after a busy November. Black Friday brings record sales, but January brings a wave of returns. At the returns desk a pile of forms and loose packing slips grows, while in the warehouse boxes of old records from the past season pile up. Shredding it yourself costs staff hours they do not have. With a periodic collection the whole pile disappears in one go, destroyed to the right level, with a certificate the webshop can show immediately if a complaint arises. No more full bins with legible addresses, no forgotten box in the attic.
What does a fixed destruction route deliver?
A fixed route is more than tidy housekeeping. It saves your team time, because no one spends an afternoon at the office shredder. It makes you GDPR-proof, because every confidential document demonstrably ends up with the right party. And it strengthens the trust of your customers, who can count on their data not ending up out on the street. For a webshop that runs on reviews and repeat purchases, that last point is no side issue but part of the reputation. A data breach that makes the news often costs more than years of careful destruction.
The digital side: customer database and data carriers
Most of your customer data is not on paper but digital, in your webshop system, in exports and in backups. The GDPR requires storage limitation, so cleaning up data you no longer need. Deleted records in a database are one thing, but old data carriers are another story. A phased-out server, an external backup drive or an old laptop often still holds complete customer files.
Deleting a file does not fully erase the data, and on SSDs software wiping is unreliable. For certainty, physical destruction of the carrier is needed. Read the approach in data destruction. The practical advantage is that you can hand over paper and data carriers in the same collection, each destroyed to its own level, with serial numbers on the certificate.
Common mistakes at webshops
- Leaving packing slips in reused boxes. Check every return box before you reuse it.
- Throwing return paper out with the waste paper. Unshredded, that is a data breach.
- Only thinking of paper. Old backup drives and phased-out hardware hold customer data just as much.
- Keeping no proof. Without a certificate you are empty-handed in a data protection investigation.
Arranged in 5 steps
- Collection point. Place a locked bin at the returns desk and the warehouse.
- Separate keep from go. Keep financial records for 7 years, loose packing slips can go after handling.
- Choose a frequency. One-off for a clear-out, periodic for daily returns.
- Have it collected and destroyed to DIN 66399 P-4 or P-5, together with any data carriers.
- Keep the certificate for at least 5 years in your GDPR file.
The proof: certificate of destruction
After every collection you should receive a certificate of destruction with the date, quantity and the DIN level applied. For a webshop that is extra valuable, because with a complaint or a data protection query you can immediately show that customer data was carefully destroyed. Keep the certificate in your GDPR file.
Warehouse full of return paper?
We collect your packing slips, return labels and old records and destroy them confidentially, with a certificate. Data carriers can come along in the same collection. No call-out charge within 20 km of Amsterdam.
Request a quote
Frequently asked questions
Is there personal data on a packing slip?
Yes. A packing slip or return label contains a name, address and often the ordered product. That is personal data that must be destroyed confidentially.
How long must a webshop keep order data?
The financial records fall under the 7-year tax retention obligation. Loose packing slips and return forms you keep no longer than needed for handling and warranty.
Do I have to clean up the customer database too?
Yes. Besides paper you should delete digital customer data that is no longer needed, and physically destroy old data carriers.
What is the risk of a packing slip in a box that is returned?
A packing slip left in a reused box with another customer's data is a data breach. Check return boxes and destroy loose packing slips before a box is reused.
Do I get a certificate for my webshop records?
Yes. After every collection you receive a certificate of destruction with the date, quantity and DIN level for your GDPR file.
Conclusion
A webshop is more digital than average, but on paper still processes a lot of customer data, especially in the returns flow. Keep what is needed for tax, destroy the rest carefully and do not forget the digital carriers. With daily returns, periodic collection is faster and safer than shredding yourself, with a certificate as proof. That keeps both the data protection authority and your customers happy.
Have your webshop records destroyed? Request a quote via desnipperaar.nl or see how to have paper shredded. Within 5 minutes you have a fixed price.