In this light, many entrepreneurs are interested in some solutions that would allow them to follow the regulation terms and provide customers with all the rights they can require.
Welcome! GDPR 1.0 for Magento 2 is released!
GDPR for Magento 2
The GDPR module collects customer consents to process their personal data and allows you to stay compliant with the most essential GDPR regulations, including the right to access, copy, change, transfer, and erase customer personal data effectively.
What makes it different
- Be compliant with the main GDPR regulations by allowing customers to access, copy, change, transfer, and delete their personal information;
- Collect data consents on registration, checkout, and other website pages;
- Allow customers to send data access, transfer, and deletion requests right from their personal accounts;
- Verify customers by email in order to avoid frauds;
- Track customer statuses on the backend;
- Use the extension API to get and delete data from third-party solutions.
GDPR Backend Configuration and Management
The configuration of the extension is extremely simple and straightforward. In fact, it includes only four setting options.
The General section of the configuration page allows you to specify the CMS page that should be used as Data Protection Policy Page. And, the Email Settings section makes it possible to configure the notification system used by the extension.
- Sender - the contact to be used as a sender for outgoing emails;
- Removal Confirmation Email Template - an email template to be used as a confirmation of data removal requests sent to customers;
- Data Access Confirmation Template - an email template to be used as a confirmation of data access requests sent to customers.
That’s it. Now, we can proceed to other backend sections.
Data Access Requests
The right to access own personal data is a basic right declared by GDPR, and using the extension, customers can easily ask Magento admins to send them full and detailed information related to them personally in Magento or other CRM or/and ERP systems that use and process their data.
For customers, the process is absolutely simple and takes only one button click in their accounts and a short verification procedure by email.
All verified requests appear in the Data Access Request grid.
Data Access Requests grid (truncated)
As we can see, the grid comprises the following columns:
- Name - name of the customer;
- Email - customer’s email;
- Status - request status (pending, processing, completed, canceled).
- Web Site - the website a request was submitted to;
- Created At - date and time of the request;
- Resolved at - date and time when the request was resolved;
- Actions - the column allows changing request status and download data in two formats - PDF and XML.
Note: The PDF format (human-readable format) is provided in order to exercise the right to access the information, while the XML format allows customers to send data to other applications (the right to transfer data).
The mass-action drop-down allows customers to change request statuses massively.
The process of request removal is absolutely the same, except that customers need to click the Delete My Account button on the frontend.
The Removal Requests grid (Customers > GDPR > Removal Requests) collects verified removal inquiries and allows you to track and respond to them in a timely manner. The grid contains absolutely the same columns as the Data Access Requests grid. The difference is that the Actions column and the mass-action drop-down are limited by the status management functionality.
Removal Requests grid (truncated)
The Consent Relevance grid (Customers > GDPR by Aheadworks > Consent Relevance) made for this very purpose contains the following columns:
- Name, Email, Web Site - the same columns described above;
- Latest Consent Date - date and time when the consent was received;
- Actions - allows you to erase the customers who do not agree with the latest policy terms, if necessary.
Consent Relevance grid (truncated)
Moreover, the Reset Consent button above the grid allows you to change the statuses of consents to become not relevant to the latest policy terms.
From now on, all the consequent consents of existing users will be considered as relevant to the latest version of the policy and will be set as ‘Yes” in the Relevant Consent column. Then, you will be able to track customers with different statuses and delete the ones with no consents, if necessary, by using the Erase Customer action. That’s how it works.
The module doesn’t allow customers to register until they check the “I consent to the…” checkbox as soon as it is mandatory to complete the registration process.
Guest customers also have to confirm their agreement with the policy terms as soon as they proceed to checkout page. In this case, a confirmation popup appears asking customers either to agree with the policy, disagree, or postpone the process.
If a customer agrees, he/she can proceed straight to the checkout. In case of postponement, the customer will be redirected to the website homepage, but in case of rejection, the module notifies him/her that further order processing is impossible until the consent is provided. That way, the module allows only customers with consents to shop and, this way, prevents any personal data acceptance without proper compliance.
Personal Data Access and Erasure
As we have already mentioned, the extension allows customers to demand access to their personal data stored and processed by store owners and even ask to delete it, if necessary.
The process is very simple. Customers just need to enter the Account Information section in their customer accounts and click either the Delete My Account or Get My Data buttons. As soon as the button is pressed, the module sends verification emails to customers in order to avoid fraud requests.
Data Request Options in Customer Account
After the request is verified, it appears on the backend and is further processed by Magento admins.
The module is currently good and ready to be reviewed and purchased in our store. For more information and better idea of the extension, please follow the provided user guide and visit the extension demo stores.