Login or create an account
If you have an account with us, please log in.

You have no items in your shopping cart.

GDPR for Magento 2

Magento 2 GDPR extension is designed to help online stores comply with the latest legislative EU requirements and strengthen the data security and privacy. Make sure that your business gets as many customers' consents as possible to be ahead of competition!
  1. Collect users consents on the registration, checkout and contact us pages
  2. Ask users for privacy consents in the newsletter subscription form
  3. Let customers download and anonymise their personal data
  4. Receive customers deletion requests and manage them in one place
  5. Notify customers about all operations with their personal data
  6. Create, update and delete privacy policy documents in one place
View Extension Demos
See User Guide
Provide the best experience for customer from different countries and groups:
GDPR for Magento 2


Magento 2 GDPR is designed to strengthen the data security and privacy in your online store: ask users for privacy consents, allow customers to download, anonymise and delete their personal data, change your data protection policy and ask customers to agree with the new terms.


Avoid penalties for breaching GDPR by observing users civil rights
Increase customers’ loyalty and confidence by protecting their data
Collect and process customers data in a transparent and efficient way


Apply cookie policy bar to make users give their privacy consents

Get users privacy consents from the registration page

Ask users for privacy consents while making orders and payments

Add privacy consent checkbox on contact us page

Ask users to tap privacy checkbox while subscribing to the newsletter


Ensure online privacy by providing users with cookie usage control

With the all-in-one solution, you get additional functionality of Magento 2 Cookie Consent to cover all requirements of the EU legislation concerning cookie usage. Let customers control their cookie usage and thus avoid fines for breaking the law.

Increase customers confidence by protecting their personal data

GDPR EU implies changes in the way users interact with their personal data on the web. In particular, store customers must have the ability to download their personal information, anonymise it, or delete all personal data.


Notify customers about the updated privacy policy

Inform customers about the account anonymisation

Let your store admin know about new personal data deletion requests

Notify customers about the account deletion

Inform customers about the reasons why the account wasn’t deleted


Manage privacy policy documents and consents on a handy grid

Magento 2 GDPR helps you to get under control all GDPR-related activities in your store. In particular, the extension allows you to manage all customers with and without consents, monitor cookie policy consents and related action logs, and track all privacy policy documents versions.


Easily configure a cookie policy bar according to your preferences: choose its location on the page, background color, buttons color, buttons text color, main text color, and links color. Get more consents from visitors with a unique cookie policy bar!

gdpr for magento 2

Expert Opinion
What Experts Say?
Failing to comply with GDPR can come with some very steep consequences. If a data breach occurs because of non-compliance, a company can be hit with fines as high as €20 million or 4% of the company’s annual global revenue, whichever amount is greater.
Angela Petteys // TRAFFIC Digital Agency
Deep experience in SEO/SEM, Paid Search, Website Design and Social Media Management

More Features for Magento 2 GDPR

  • Display the privacy policy consent checkbox only for EEA countries
  • Not display the privacy policy consent checkbox until the current policy will be updated
  • Manage all existing cron tasks on a handy Cron Tasks List grid in the backend
  • Create a mailing list to send privacy policy updates
  • Let customer revoke a consent
  • Specify which cookie files won't be used for customers
  • Detect customer location via GeoIP, with IPv6 support
  • Restrict access to a website until a customer gives a consent to the cookie policy
  • Track customer consents email queue in a handy grid
  • Export list of customers by given consents
  • Upload the latest Geo IP Database
magento 2 google page speed optimizer

Save $99 and get fully compliant with both GDPR and EU Cookie Law with the included Magento 2 Cookie Consent extension.

Magento 2 GDPR: fast answers to troubling questions

What GDPR means?

GDPR is the result of the EU’s data protection reform. It’s a new regulation that is aimed to enable a set of information protection standards in order to (a) clear up how EU residents’ personal data is utilized by international businesses and (b) make them protected from privacy and data breaches.

Why does the GDPR exist and when does it come into force?

In far 2012, there were outlined plans for data protection reform. Later they were approved by the EU parliament, and the regulation, as we see it today, entered into force in May 2018. Now the law affects any e-commerce business even outside the EU.

What types of privacy data does the GDPR protect?

In simple terms, the law is developed to prevent the possibility to single out, contact, locate a person through their data.

Thus, you can’t collect/process users’:

  • race and ethnicity;
  • political, religious, philosophical beliefs, union membership;
  • medical diagnosis, the provision of treatment, sex life and sexual orientation;
  • any users’ genetic or biometric data.

What does GDPR compliance mean for e-commerce businesses?

To keep your Magento 2 GDPR-compliant, you need to:

  • define your role;
  • give your site visitors a clear notion of their data collection, if any;
  • make sure they know their personal data can be processed, anonymized or deleted on the consent/request;
  • respect their right to correct the personal data.

Find more information on how to devise Magento GDPR strategy.

Magento and GDPR

On top of the preparations, Magento called e-store owners to review some areas of their business. This particularly applies to plugins that gather or/and process such data. In our turn, we upgraded all our extensions that have something to do with it and released our GDPR modules. These extensions are aimed to solve the main challenges posed by the new regulations.

Product questions

What the Accept Cookies popup is for and what data is being collected?

Cookies Policy acceptance is just a notification to the customer that the cookies are collected. Read the full answer to get more information.

Is Amasty GDPR extension compatible with PayPal?

Yes, our GDPR extension is fully compatible with PayPal payment method.  Follow the link below to get more information. 

How to create a customer account without consent to Privacy Policy?

All new customers must accept Privacy Policy terms since this field is required. Read the full answer to get the detailed explanation.

Reasons to choose

Other Features

  • 100% Open Source — Easy To Customize
  • Follows Magento Code Architecture
  • Separated HTML/CSS/JS
  • Simple installation via Composer
* The name "Magento" and the logo are the trademarks of Magento, Inc.
Good but needs more design options
I liked this product, managed to install myself. The only problem was with a cookies bar. It was located only down all in black and white. My customers are old people they can’t concentrate too good, so oftentimes they missed that bar and got angry that couldn’t go forward to the checkout. It would be nice if they made possible customizing the bar colors and size.
One of best buys
When they started that GDPR policy I thought we wouldn’t meet it. We fought much to make it work. Now customers have no chance to escape info about how we use their data. We activated the privacy policy bar at every place settings allow. We had an issue with email texts, it was only possible to send in english. But many of my customers are of Indian descent, so they only use very simple english if any. But a couple of days ago this was fixed now all works fine.
Looks like the developers got consultation from a lawyer
I must admit the module itself and support crew indeed has a focus on real business users like me, who need to comply with all aspects of this, let's say, cumbersome privacy-related stuff
Tony Matthews

Write Your Own Review

You're reviewing: GDPR for Magento 2

Version 1.5.4 - May 15, 2019
– Fix: the issue with changing the status of privacy policy was resolved
Version 1.5.3 - April 11, 2019
– Compatibility: the compatibility of Geo IP Data module with Magento 2.1.x was enhanced
– Improvement: the Privacy Policу checkbox validation process was enhanced, possible issues on the checkout page were solved
– Fix: the issue with clicking on the privacy policy checkbox label without checking the checkbox was resolved
– Fix: the issue with the translation of privacy policy popup button text was resolved
– Fix: the issue with the translation of Privacy Policy checkbox title on the checkout page was resolved
Version 1.5.2 - March 26, 2019
– New:the ability to manage all existing cron tasks on a Cron Tasks List grid in backend was added. Run cron tasks and generate their schedule by clicking the ‘Run Cron’ button. Also, delete tasks in bulk, use filtering and sorting options when it is needed
– Improvement: IPv6 support was added to Geo IP detection
– Improvement: the possibility to upload the latest Geo IP Database was added
Version 1.5.1 - March 06, 2019
– Fix: error on the policy grid was fixed
Version 1.5.0 - March 05, 2019
– New: introducing a Cookie Management page. Now a user is able to activate or deactivate certain cookie groups. Admin is able to create new groups for cookies.
– Improvement: consent validation at the checkout page was improved. Possible issues on the payment step were resolved
– New: added setting to enable/disable extension
Version 1.4.8 - February 05, 2019
– New: now it is possible to create a link to the Privacy Policy via the 'Amasty Privacy Policy' widget.
– New: we have added Ajax to the allowing/disallowing cookies. No page reload will happen after action with cookies.
Version 1.4.7 - January 17, 2019
– Fix: the issue with two checkboxes at the Contact Us page was resolved
– Fix: the issue with deletion of account if the DoB and the Gender are required fields was resolved
Version 1.4.6 - January 10, 2019
– Improvement: the translation of the "Current Password" was added to the translation file
– Fix: the issue with disabling all privacy policies was resolved
Version 1.4.5 - December 21, 2018
– Improvement: the privacy policy popup load process was improved reducing the total page size
– Compatibility: the compatibility with Magento 2.1.9 Enterprise was enhanced. The error while opening the privacy policy grid in the admin panel was fixed
– Fix: the issue with not including multiple addresses in a customer information file was resolved
– Fix: the issue with sending the text of the privacy policy for the wrong store view in the customer consent request email was resolved
Version 1.4.4 - December 06, 2018
– Improvement: the inline edit was added to the privacy policy grid
Version 1.4.3 - November 27, 2018
– Fix: the "Element with ID 'amasty_gdpr_checkbox' already exists" issue on the contact page while submitting was resolved
Version 1.4.2 - November 19, 2018
– Fix: the issue with wrong geolocation detection was resolved
Version 1.4.1 - October 29, 2018
– Fix: the issue with the possible error on the Cookie Policy Consents page was resolved
Version 1.4.0 - October 25, 2018
– New: introducing the cookie policy consents grid. When a customer allows, disallows or revokes cookie policy, the action is recorded to the grid with all accompanying data
– Improvement: the extension's compatibility with Full Page Cache was improved
Version 1.3.0 - October 19, 2018
– New: the ability to revoke the cookie concent was added
– New: the ability to restrict the access to the website until the cookie consent is given was added
– New: the notification for an admin on the customer's personal data delete request was added
– New: now, the Customers with Consent grid contains more data: the website/store view, the place of the given consent and the IP address of the customer
– New: the new privacy policy status "Draft" was added
– Improvement: the personal data anonymization process was improved for the Invoice/Shipment grids
– Improvement: the email on the privacy policy update was enhanced
Version 1.2.2 - October 17, 2018
– Fix: the possible issues with not working consent checkbox on the checkout page were resolved
Version 1.2.1 - October 01, 2018
– New: now the list of EU countries is editable from the admin panel
– New: now the cookie bar can be placed at the top of the screen
– Improvement: the process of saving a customer's consent was improved
Version 1.2.0 - September 27, 2018
– New: the ability to switch ON/OFF personal data anonymization, deletion and download actions for customers was added
– New: The ability to show privacy Policy confirmation checkboxes on the "Contact Us" and "Newsletter Subscription" forms were added.
– New: the ability to anonymize personal data of an order made by a guest was added
– Improvement: now, when a customer accepts the actual version of the privacy policy, he will not be asked to accept it again until the new version of the policy will be released. The update reduces the number of actions for registered customers to purchase products as well as decreases the number of entries stored in the database.
– Improvement: the possibility to edit an active privacy policy was disabled
– Improvement: Now a privacy policy sample is created during the extension's installation process
Version 1.1.7 - September 03, 2018
– New: the ability to adjust the cookie policy bar style was added
– Improvement: the ability to anonymize the 3rd party extension customer attributes was added
Version 1.1.6 - August 27, 2018
– Improvement: now, a customer can download, anonymize or delete its personal data only after entering the password
Version 1.1.5 - August 20, 2018
– Improvement: the notification for a customer when an account has been deleted was improved
Version 1.1.4 - August 13, 2018
– Fix: the issue with the email language was resolved
– Fix: the issue with the customer login URL in the consent emails was resolved
Version 1.1.3 - August 02, 2018
– Improvement: the stability enhancement was implemented
– Fix: the possibility of appearing JS errors was resolved
– Fix: the issue with cookie policy bar links was resolved
Version 1.1.2 - July 26, 2018
– Improvement: the extension settings was slightly improved
– Improvement: the stability enhancement was implemented
Version 1.1.1 - July 17, 2018
– Compatibility: the compatibility with the 3rd party checkout extensions was improved
– Fix: the issue with the page reload when clicking on the policy was fixed
Version 1.1.0 - July 16, 2018
– New: the ability to manage the cookie policy bar was added
– New: the ability to disallow optional cookies was added
Version 1.0.2 - July 05, 2018
– Improvement: the location detection via GeoIP data was improved
Version 1.0.1 - June 21, 2018
– Improvement: the extension's translation file was enhanced
Back to top