Login or create an account
If you have an account with us, please log in.

You have no items in your shopping cart.

GDPR for Magento 2


This Magento 2 GDPR extension allows your store to comply with the latest legislative requirements. Create privacy policies, collect users' consents for personal data processing, and manage all the privacy issues within a single tool.

  1. Create and update privacy policy, manage documentation versions
  2. Collect user consents on the registration and checkout pages
  3. Manage consents on the grid, send emails to users without consents
  4. Enable customers to download, anonymize, and request to delete their profile data
  5. Configure the cookie policy bar to inform users or collect consents
View Extension Demos
See User Guide
Provide the best experience for customer from different countries and groups:
GDPR for Magento 2

Following the European Union GDPR agreement, starting from May 25, 2018 most of the business are to accept the new terms on how they should collect and process private user information. Changes affect e-commerce websites even outside the European countries. Also, customers receive the new tools to control their data. GDPR extension for Magento 2 will help you get on the right track regarding to the new legislative requirements.

How does your store benefit from the GDPR extension

gdpr extension features

Privacy policy and consents management with Magento 2 GDPR

Create and update privacy policy

Provide customers with the privacy policy adapted to the legal terms of the region where your business operates. Whether it is the European Union and the GDPR resolution or any other local requirements, the Magento 2 GDPR extension gives you the ability to create one or several privacy policies.

Forbid the anonymization of personal data based on order status

Multi-select the particular order statuses to trigger the option to disallow users to anonymize or delete their personal data.

Enable\disable operations with personal data

You can enable or disable the following sections in the customers' accounts:

  • anonymization;
  • deletion;
  • download actions.

Send privacy policy emails

With the Magento 2 GDPR module, you can easily create a mailing list to send privacy policy updates (for users who have already agreed) or requests (for users who haven't accepted the policy). This action can be performed in a click using the convenient mass action for the appropriate grid.

Manage privacy policy versions

Magento 2 GDPR allows you to manage your privacy policy versions to provide your visitors with the most suitable one.

Place compliant forms wherever on the website

With the extension, you can add the Privacy Policy checkbox to the following store pages and forms:

  • Checkout;
  • Registration page;
  • NEW | Contact Us;
  • NEW | Newsletter Subscription.
gdpr compliant privacy policy for magento 2
NOTE: Once the customers accepted the current privacy policy, they will not be asked again until the release of a new version. Furthermore, this option notably quickens the purchasing process and lowers the data entries.

Backend grids for privacy policy replies

The Magento 2 GDPR module adds 2 new backend grids. The first contains customers who agreed with the privacy policy and other related information. The second shows you those remained users who disagreed with the policy.

Export list of customers by given consents

Magento 2 GDPR module provides you with the advanced export capabilities. You can quickly export customers by consents for personal data processing they've provided.

Extended Customer Account to Comply with GDPR requirements

GDPR EU imply changes in the way users interact with their personal data on the web. In particular, e-commerce store customers must have the ability to download their personal information, anonymize it, or delete all data. The Magento 2 GDPR extension provides your shoppers with the new 'Privacy Policy' section in the account.

Manage the Cookie Policy

Inform store visitors about your cookie policy

Equip your store pages with the informative bar telling about the cookie policy. Fill in the text and provide a link to the separate cookie policy page. NEW | You can locate the cookies consent pop-up bar at the top of the screen or at the bottom.

Restrict the site access

You can restrict the access to your website to customers until they give a consent to your cookie policy.

Manage cookie policy consents

Easily track cookie policy consents on the special grid. When a customer allows, disallows or revokes cookie policy consent, the relevant data displays on the grid.

Disable selected cookies for users without consents

As an alternative, you can let store visitors to agree or disagree with your cookie policy. When a user is disagree with the cookie policy, you can specify which cookie files won't be used.

Let customer revoke a consent

All the registered customers who gave a cookie policy consent can revoke it in any time. The revoke button is located in the Customer Account on the Privacy Settings tab.

Magento 2 GDPR: fast answers to troubling questions

What GDPR means?

GDPR is the result of the EU’s data protection reform. It’s a new regulation that is aimed to enable a set of information protection standards in order to (a) clear up how EU residents’ personal data is utilized by international businesses and (b) make them protected from privacy and data breaches.

Why does the GDPR exist and when does it come into force?

In far 2012, there were outlined plans for data protection reform. Later they were approved by the EU parliament, and the regulation, as we see it today, entered into force in May 2018. Now the law affects any e-commerce business even outside the EU.

What types of privacy data does the GDPR protect?

In simple terms, the law is developed to prevent the possibility to single out, contact, locate a person through their data.

Thus, you can’t collect/process users’:

  • race and ethnicity;
  • political, religious, philosophical beliefs, union membership;
  • medical diagnosis, the provision of treatment, sex life and sexual orientation;
  • any users’ genetic or biometric data.

What does GDPR compliance mean for e-commerce businesses?

To keep your Magento 2 GDPR-compliant, you need to:

  • define your role;
  • give your site visitors a clear notion of their data collection, if any;
  • make sure they know their personal data can be processed, anonymized or deleted on the consent/request;
  • respect their right to correct the personal data.

Find more information on how to devise Magento GDPR strategy.

Magento and GDPR

On top of the preparations, Magento called e-store owners to review some areas of their business. This particularly applies to plugins that gather or/and process such data. In our turn, we upgraded all our extensions that have something to do with it and released our GDPR modules. These extensions are aimed to solve the main challenges posed by the new regulations.

Product questions

What the Accept Cookies popup is for and what data is being collected?

Cookies Policy acceptance is just a notification to the customer that the cookies are collected. Read the full answer to get more information.

Read the FULL answer

Is Amasty GDPR extension compatible with PayPal?

Yes, our GDPR extension is fully compatible with PayPal payment method.  Follow the link below to get more information. 

Read the FULL answer

How to create a customer account without consent to Privacy Policy?

All new customers must accept Privacy Policy terms since this field is required. Read the full answer to get the detailed explanation.

Read the FULL answer
Reasons to choose

Other Features

  • 100% Open Source — Easy To Customize
  • Follows Magento Code Architecture
  • Separated HTML/CSS/JS
  • Simple installation via Composer
* The name "Magento" and the logo are the trademarks of Magento, Inc.
Looks like the developers got consultation from a lawyer
I must admit the module itself and support crew indeed has a focus on real business users like me, who need to comply with all aspects of this, let's say, cumbersome privacy-related stuff
Tony Matthews

Write Your Own Review

You're reviewing: GDPR for Magento 2

Version 1.4.1 - October 29, 2018
– Fix: the issue with the possible error on the Cookie Policy Consents page was resolved
Version 1.4.0 - October 25, 2018
– New: introducing the cookie policy consents grid. When a customer allows, disallows or revokes cookie policy, the action is recorded to the grid with all accompanying data
– Improvement: the extension's compatibility with Full Page Cache was improved
Version 1.3.0 - October 19, 2018
– New: the ability to revoke the cookie concent was added
– New: the ability to restrict the access to the website until the cookie consent is given was added
– New: the notification for an admin on the customer's personal data delete request was added
– New: now, the Customers with Consent grid contains more data: the website/store view, the place of the given consent and the IP address of the customer
– New: the new privacy policy status "Draft" was added
– Improvement: the personal data anonymization process was improved for the Invoice/Shipment grids
– Improvement: the email on the privacy policy update was enhanced
Version 1.2.2 - October 17, 2018
– Fix: the possible issues with not working consent checkbox on the checkout page were resolved
Version 1.2.1 - October 01, 2018
– New: now the list of EU countries is editable from the admin panel
– New: now the cookie bar can be placed at the top of the screen
– Improvement: the process of saving a customer's consent was improved
Version 1.2.0 - September 27, 2018
– New: the ability to switch ON/OFF personal data anonymization, deletion and download actions for customers was added
– New: The ability to show privacy Policy confirmation checkboxes on the "Contact Us" and "Newsletter Subscription" forms were added.
– New: the ability to anonymize personal data of an order made by a guest was added
– Improvement: now, when a customer accepts the actual version of the privacy policy, he will not be asked to accept it again until the new version of the policy will be released. The update reduces the number of actions for registered customers to purchase products as well as decreases the number of entries stored in the database.
– Improvement: the possibility to edit an active privacy policy was disabled
– Improvement: Now a privacy policy sample is created during the extension's installation process
Version 1.1.7 - September 03, 2018
– New: the ability to adjust the cookie policy bar style was added
– Improvement: the ability to anonymize the 3rd party extension customer attributes was added
Version 1.1.6 - August 27, 2018
– Improvement: now, a customer can download, anonymize or delete its personal data only after entering the password
Version 1.1.5 - August 20, 2018
– Improvement: the notification for a customer when an account has been deleted was improved
Version 1.1.4 - August 13, 2018
– Fix: the issue with the email language was resolved
– Fix: the issue with the customer login URL in the consent emails was resolved
Version 1.1.3 - August 02, 2018
– Improvement: the stability enhancement was implemented
– Fix: the possibility of appearing JS errors was resolved
– Fix: the issue with cookie policy bar links was resolved
Version 1.1.2 - July 26, 2018
– Improvement: the extension settings was slightly improved
– Improvement: the stability enhancement was implemented
Version 1.1.1 - July 17, 2018
– Compatibility: the compatibility with the 3rd party checkout extensions was improved
– Fix: the issue with the page reload when clicking on the policy was fixed
Version 1.1.0 - July 16, 2018
– New: the ability to manage the cookie policy bar was added
– New: the ability to disallow optional cookies was added
Version 1.0.2 - July 05, 2018
– Improvement: the location detection via GeoIP data was improved
Version 1.0.1 - June 21, 2018
– Improvement: the extension's translation file was enhanced
Back to top