User Tools

Site Tools


Sidebar

magento_2:gdpr

For more details see the GDPR for Magento 2 extension page.

GDPR for Magento 2

Make your store compliant with the latest EU's GDPR and other legislative requirements. Create and manage privacy policy documentation, add consent checkbox to the registration and checkout pages, and send email consent requests.

  • Collect consents with privacy policy
  • Manage privacy policy documentation
  • Send consent requests for customers with and without consents
  • Track privacy policy related activity in the actions log
  • Approve or deny requests to delete users' accounts

Extension Configuration

To configure the extension, please, go to Stores → Configuration → Amasty Extensions → GDPR.

General

Forbid customer's personal data anonymization and deletion for orders in certain statuses - Enable the option to disallow the anonymization of the personal data for the selected orders. While in these order statuses, users will not be able to anonymize their data.

When you enable the feature, the Order Statuses field with multi-select appears. Select the necessary order(s) to apply the option to them.

Enable or Disable Privacy Settings Sections

You can display or hide the following sections in the customers' accounts:

Download Personal Data - If set to No, a customer will not be able to download personal data.

Anonymize Personal Data - If set to No, a customer will not be able to anonymize personal data.

Delete Account - If set to No, a customer will not be able to delete account.

Notifications Configuration

The extension supports three types of email notifications. These are:

  • Anonymization Notifications
  • Delete Account Notifications
  • Consent Request Notifications

Expand the appropriate section to adjust the Email Sender, Email Reply To and Email Template settings. Also, you can enable admin 'Delete Account Requests' notifications. In such case, an admin user will receive a notification each time a customer requests to delete the account.

Please, mind that leaving the Email Reply To field empty will result to email replies to the Email Sender address.

Privacy Checkbox Configuration

Please, expand the Privacy Checkbox section:

Display Only for EEA Countries — enable this options to display a privacy policy consent checkbox only for users from the European Union countries; You can multi-select the needed countries manually.

The Geo IP Data module should be configured. To make this option functional.

Consent Text — specify the consent text that will be displayed next to the checkbox;

Display at Registration — enable to add a privacy policy consent checkbox to the Registration page;

Display at Checkout — enable to add a privacy policy consent checkbox to the Checkout page;

Display at Contact Us — enable to add a privacy policy consent checkbox to the Contact Us form;

Display at Newsletter Subscription — enable to add a privacy policy consent checkbox to the Newsletter Subscription form.

Enable Cookie Policy Bar — enable the information or confirmation cookie policy bar;

Disallow a customer to interact with the website until the Cookie Policy is accepted? - enable the feature if you want to block the access to the site until a customer gives a Cookie Policy consent.

Cookie Policy Text — specify the cookie policy text, as well as include a link to the policy page;

Cookies to Exclude — choose cookie files that won't be used when a customer refuses the cookie policy.

Cookie Policy Bar Location - Place a cookies consent pop-up at the top (Top) or button (Footer) of the page.

A sample of a cookies consent pop-up at the bottom of the page:

With a pop-up color picker, you can specify a color for the following elements:

  • Background color of Cookie Policy Bar
  • Buttons color of Cookie Policy Bar
  • Buttons text color of Cookie Policy Bar
  • Text color of Cookie Policy Bar
  • Links color of Cookie Policy Bar

Geo IP Data Configuration

The extension uses Geo IP Database to detect site visitors' location. Please, go to Stores → Configuration → Amasty Extensions → Geo IP Data.

Then, expand the Download and Import section and hit the Download and Import button. Wait for the database being downloaded and installed.

Privacy Policy Document Management

To manage the privacy policy documentation, please, go to Customers → GDPR → Privacy Policy.

Hit the Add New Policy button to create a new privacy policy document.

Comment — specify the privacy policy title;

Policy Version — set the privacy policy version;

Policy Status — change the privacy policy status;

Policy Content — fill in the privacy policy text using the WYSIWYG editor.

To create the privacy policy documentation in additional language, please, switch to another store view using the Store View dropdown menu. Choose the required store view and specify the policy in the corresponding language.

When the privacy policy document is ready, hit the Save button to return to the grid. Also, you can state the version as Draft if it is not completely ready.

On the grid you can manage the existing privacy policy documents: create, update, and delete them.

Customer Consents Grids

Please, go to Customers → GDPR → Customers With Consent.

{{ :magento_2:gdpr:magento-2-gdpr-00006.png |

On this grid you can see:

  • all the existing customers who agreed to the privacy policy;
  • the version of the privacy policy for which the consent was received;
  • the date a consent was received;
  • the website/store view;
  • the place of the given consent (Registration, Newsletter Subscription, Contact Us form or the Checkout page);
  • the IP address of a customer.

Using the Actions dropdown menu you can Email Consent Request to the selected customers. In that case, they will receive an email request to agree to the latest privacy policy version.

Next, proceed to Customers → GDPR → Customers Without Consent.

On this grid you can see the list of customers who didn't agree to the provided privacy policy or never given a consent.

Using the Actions dropdown menu you can Email Consent Request to the selected customers. In that case, they will receive an email request to agree to the latest privacy policy version.

Customer Consents Email Queue

You can take a look at the current progress of the email sending by going to Customers → GDPR → Customer Consents Email Queue.

Delete Requests Management

When a customer requests for account removal, the request appears on the special grid. Please, go to Customers → GDPR → Delete Requests.

On the grid you can see all incoming requests. You can approve or deny any request:

  • Select the requests you want to reply;
  • Choose the appropriate option from the Actions dropdown menu;
  • Hit the Submit button.

When a customer allows, disallows or revokes cookie policy consent, the action is recorded to the Cookie Policy Consents grid. To check it, please, go to Customers → GDPR → Cookie Policy Consents.

Here you can see each cookie policy consent status (received, disallowed or revoked), consent types, the date of each action commitment and another accompanying data.

The earlier consents for the same customer and in the framework of the same status are being overwritten (updated). This is to avoid your Database overflow by cookie policy consent records.

Say, your customer:

  1. Gives a consent to your cookie policy → the 1-st record appears;
  2. Revokes his consent → the 2-nd record appears;
  3. Gives a consent ones again → the 1-st acceptance record will be overwritten. This means, that for this customer 2 records will remain.
  4. Revokes his consent again → the record mentioned in the p.2 will be updated.

As a result, only 2 records for this customer will remain on the grid.

Action Log

Please, go to Customers → GDPR → Action Log.

On the grid you can see all actions performed by store users regarding privacy policy consents and the GDPR-related account management.

Frontend Functionality Overview

With the GDPR extension for Magento, one can add privacy policy consent checkbox to the registration and checkout pages (see this section for details).

This is how the privacy policy document looks for store visitors:

In the customer's account the new tab called Privacy Settings is added:

From this page, customers can:

  • download all their personal data in the CSV format;
  • anonymize their personal information;
  • request for account removal;
  • revoke the Cookie Policy consent.

Find out how to install the Admin Actions Log extension via Composer.

Rate the user guide
 stars  from 1 votes (Details)
magento_2/gdpr.txt · Last modified: 2018/10/31 10:23 by karpova