User Tools

Site Tools



For more details see the GDPR for Magento 2 extension page.

Guide for GDPR for Magento 2

Make your store compliant with the latest EU's GDPR and other legislative requirements. Create and manage privacy policy documentation, add consent checkbox to the registration and checkout pages, and send email consent requests.

  • Collect consents with privacy policy
  • Manage privacy policy documentation
  • Send consent requests for customers with and without consents
  • Track privacy policy related activity in the actions log
  • Approve or deny requests to delete users' accounts

Extension Configuration

To configure the extension, please go to Stores → Configuration → Amasty Extensions → GDPR.

Expand the General tab.


Enabled - set to Yes display the consents on the frontend.

Forbid customer's personal data anonymization and deletion for orders in certain statuses - enable the option to disallow the anonymization and deletion of personal data for the selected orders. While in these order statuses, users will not be able to anonymize their data.

When you enable the feature, the Order Statuses field with multi-select appears. Select the necessary order(s) to apply the option to.

Enable or Disable 'Privacy Settings' Sections

You can display or hide the following sections in the customers' accounts:

Download Personal Data - if set to No, a customer will not be able to download personal data.

Anonymize Personal Data - if set to No, a customer will not be able to anonymize personal data.

Delete Account - if set to No, a customer will not be able to delete account.

Notifications Configuration

The extension supports three types of email notifications. These are:

  • Anonymization Notifications
  • Delete Account Notifications
  • Consent Request Notifications

Expand the appropriate section to adjust the Email Sender, Email Reply To and Email Template settings. Also, you can enable admin 'Delete Account Requests' notifications. In that case, an admin user will receive a notification each time a customer requests to delete the account.

Please, mind that leaving the Email Reply To field empty will result to email replies to the Email Sender address.

Privacy Checkbox Configuration

Expand this section to display and configure the privacy consent checkbox on the frontend.

Display Only for EEA Countries — enable this option to display a privacy policy consent checkbox only for users from the European Union countries; You can multi-select the needed countries manually.

EEA Countries - select the needed countries manually.

Use the Geo IP Data module to make this option functional. See how to configure the module here.

Consent Text — specify the consent text that will be displayed next to the checkbox;

Display at Registration — enable to add a privacy policy consent checkbox to the Registration page;

Display at Checkout — enable to add a privacy policy consent checkbox to the Checkout page;

Display at Contact Us — enable to add a privacy policy consent checkbox to the Contact Us form;

Display at Newsletter Subscription — enable to add a privacy policy consent checkbox to the Newsletter Subscription form.

This is how the checkbox will be displayed on the frontend:
If a customer gives his consent, for example, at the registration page, the checkbox won't be displayed on other pages until a new consent of privacy policy is released. Thus, the same customer won't have to confirm the consent every time.

To give your customers the opportunity to regulate their cookie usage, please go to Stores → Configuration → Amasty Extensions → Cookie Consent.

Expand this tab to adjust the Cookie Policy bar.

Enable Cookie Policy Bar - set to No to disable Cookie Policy Bar or specify the type of the bar to be displayed:

  • Notification bar - choose this type to show an informative message only.
  • Confirmation bar - enable this bar to provide customers with the clickable options to choose from. The extension makes it possible to Allow Cookies or to visit Cookies Settings page right from the bar.
See how a confirmation bar is displayed on the frontend here.

Disallow a Customer Interaction with the Website Until He Accepts or Declines Cookies - enable the feature if you want to block the access to the site until a customer gives a Cookie Policy consent.

Allowed Urls - if customers are disallowed to interact with the store, specify the URLs that the customers will be able visit. You can use a part of URL as per example: privacy-policy-cookie-restriction-mode. Each URL must be on a new line.

If you allow a Customer Interaction with the Website Until He Accepts or Declines Cookies, specify the additional bar setting:

Do Not Show Cookie Bar If No Decision Was Taken - if Yes, the cookie bar will not be displayed to a customer on new pages even though he doesn't accept or decline cookies. Thus, the customer will less distracted from purchasing.

Cookie Policy Text — specify the cookie policy text, as well as include a link to the policy page.

Cookie Settings CMS Page - define the page to place Cookie Settings tab. A separate ‘Cookie Settings’ page is set by default.

If changing to another CMS page, add “Amasty Cookie Settings” widget on it.

In this tab you can choose the location for your cookie policy bar and customize its design.

Cookie Policy Bar Location - place a cookie policy bar at the top (Top) or bottom (Footer) of the page.

With a pop-up color picker, you can specify a color for the following Cookie Policy Bar elements:

  • Background
  • Buttons
  • Buttons text
  • Text of the bar
  • Links
A sample of a cookie policy bar at the bottom of the page:

To manage cookies in one place, go to Customers → Cookies.

With the extension you can easily track and sort all cookies on a separate grid by its ID, Name, Group and Description.

To view or change the configuration of a cookie, click Edit in the Action column.

To delete cookies, tick them and choose Delete option in the Actions dropdown menu.

To create a new cookie, hit the Add New Cookie button.

Cookie Name - specify the title of the cookie.

Description - fill in some information about the usage of the cookie.

Cookie Group - assign the cookie to a particular group.

To arrange cookies into essential and optional categories, go to Customers → Cookie Groups.

With the extension you can manage all your cookie categories in a handy grid.

On the grid the ID, Cookie Group Name and Description are displayed. Also you can see if each group Is Essential and Is Enabled.

To configure any group, click Edit in the Action column.

To delete several groups in one click, tick them and choose Delete option in the Actions dropdown menu.

To create a new category, click Add New Group.

Enabled - choose Yes to activate the group.

Is Essential - set to Yes to make the group obligatory. In this case the customers will have to allow this cookie group to get access to the website.

Cookie Group Name - specify the title of the cookie group that will be displayed to the customers on the frontend and on the grid in admin panel.

Description - fill in the information about the usage of the group so that the customers could decide whether to allow this group or not.

Assigned Cookies - select the cookies to include in the group.

Save the configuration.

To find the list of all consents and customers data, go to Customers → Cookie Consents.

You can find all needed info in one place. The grid allows to track consents by customer Name, Email, IP Address, Website, Consent Type, Date and Consent Status. This data can be useful for different consents analysis.

Geo IP Data Configuration

The extension uses Geo IP Database to detect site visitors' location. Please, go to Stores → Configuration → Amasty Extensions → Geo IP Data.

Databases are required for the correct work of the GDPR module. Also you need to install php bcmath or gmp extension on your server.

You can get the databases automatically or import your own data.

Hit the Download and Import button to make the extension download the updated CSV dump file and import it into your database automatically.

To import the files from your own source, use the Import option. Path to the files should look like this (the part 'var/amasty' should be replaced with your folders’ names):

In the Import section, the Import button is grayed out by default. It will be available right after you upload the CSV files. The red error notification will switch to green success notification when the import is completed.

Privacy Policy Document Management

To manage the privacy policy documentation, please, go to Customers → GDPR → Privacy Policy.

On the grid you can manage the existing privacy policy documents: create, update, and delete them. For your convenience, the inline edit is available:

Hit the Add New Policy button to create a new privacy policy document.

Comment — specify the privacy policy title;

Policy Version — set the privacy policy version;

Policy Status — change the privacy policy status;

Policy Content — fill in the privacy policy text using the WYSIWYG editor.

To create the privacy policy documentation in additional language, please, switch to another store view using the Store View dropdown menu. Choose the required store view and specify the policy in the corresponding language.

When the privacy policy document is ready, hit the Save button to return to the grid. Also, you can state the version as Draft if it is not completely ready.

To place a link to your Privacy Policy to any store CMS page/block, please, complete the next steps:

1. Create a CMS page and add the 'Amasty Privacy Policy' widget to this page. The widget will automatically display an active Privacy Policy text.

If you want to assign different URLs to multilingual Privacy Policy texts, you should create multiple CMS pages with different URLs and assign each page to a particular store view. Remember to insert the 'Amasty Privacy Policy' widget to each CMS page.

2. Choose any existing CMS page/block to which you want to add a link to a Privacy Policy. Then, via the 'Link to CMS Page' widget, place to this page a link to a CMS page (with a Privacy Policy text), created on the previous step.

3. Check how the link displays on the frontend:

When a customer clicks the link to a CMS page with Privacy Policy, the widget loads the Privacy Policy text according to the store view.

Action Log

To check customers’ actions, go to Customers → GDPR → Action Log.

On the grid you can see all actions performed by store users regarding privacy policy consents and the GDPR-related account management.

Customer Consents Grids

Please, go to Customers → GDPR → Customers With Consent.

{{ :magento_2:gdpr:magento-2-gdpr-00006.png |

On this grid you can see:

  • all the existing customers who agreed to the privacy policy;
  • the version of the privacy policy for which the consent was received;
  • the date a consent was received;
  • the website/store view;
  • the place of the given consent (Registration, Newsletter Subscription, Contact Us form or the Checkout page);
  • the IP address of a customer.

Using the Actions dropdown menu you can Email Consent Request to the selected customers. In that case, they will receive an email request to agree to the latest privacy policy version.

Next, proceed to Customers → GDPR → Customers Without Consent.

On this grid you can see the list of customers who didn't agree to the provided privacy policy or never given a consent.

Using the Actions dropdown menu you can Email Consent Request to the selected customers. In that case, they will receive an email request to agree to the latest privacy policy version.

Customer Consents Email Queue

You can take a look at the current progress of the email sending by going to Customers → GDPR → Customer Consents Email Queue.

Delete Requests Management

When a customer requests for account removal, the request appears on the special grid. Please, go to Customers → GDPR → Delete Requests.

On the grid you can see all incoming requests. You can approve or deny any request:

  • Select the requests you want to reply;
  • Choose the appropriate option from the Actions dropdown menu;
  • Hit the Submit button.

Cron Tasks List

To manage all existing cron tasks, please, go to System → Cron Tasks List.

Here, you can see all the existing cron tasks and their statuses. Run cron tasks and generate their schedule by clicking the ‘Run Cron’ button. Also, delete tasks in bulk, apply filtering and sorting options when it is needed.

Frontend Overview

With the GDPR extension for Magento, one can add privacy policy consent checkbox to the registration and checkout pages.

This is how the privacy policy document looks for store visitors:

In the customer's account the new tab called Privacy Settings is added:

From this page, customers can:

  • download all their personal data in the CSV format;
  • anonymize their personal information;
  • request for account removal.

The customized design of the cookie policy bar:

Here customers can choose which cookie categories they allow to process:

The extension adds a ‘Cookie Settings’ link to the footer so that the customers can easily reset cookie usage conditions any time they need:

Find more information on how to devise Magento GDPR strategy.

Find out how to install the GDPR extension via Composer.

Rate the user guide
 stars  from 1 votes (Details)
magento_2/gdpr.txt · Last modified: 2019/09/24 12:22 by tihomirova