GDPR for Magento 2

Strengthen data security and privacy by giving customers full control of their personal data.

  • Dedicated functionality allows you to comply with GDPR, specifically the rights to be informed, of access, to erasure, and to data portability
  • Save various versions of Privacy Policy to make the store fully compliant
  • Data protection policy consents are collected on registration, checkout, and other pages
  • Improved customer accounts allow customers to ask to delete or copy their personal data
  • Allow customers to download their personal data automatically in PDF or XML formats
  • Customer verification mechanism protects data against fraudulent activity
  • Extension grids segment customers by their statuses and intentions
Current extension version: 1.1.6 | Compatibility: Open Source 2.4.5 - 2.4.7; Commerce 2.4.5 - 2.4.7
Marketplace Approved

How Magento 2 GDPR works

The Magento 2 GDPR extension allows your customers to exercise the rights to access, change, and delete their personal data guaranteed by GDPR. The provided functionality closely monitors any consent withdrawals or data access requests, so you can perform all necessary actions deliberately and without delay. The Privacy Policy can be changed, if needed, and the extension tracks which Privacy Policy version particular customers agreed to, as the law requires.

Goal. Be sure that your site has the necessary toolset to comply with GDPR.

Solution. The main requirements of GDPR imply the following rights for customers:

  • The storage of personal data and its use have to be approved by customers consciously and unambiguously;
  • The module records consent date and time;
  • Customers are able to access and obtain their data both in human- and machine-readable formats (PDF and XML);
  • Customers can demand data removals if they do not want it to be further used and processed.

Although the requirements are quite simple, it can be difficult to keep big or external databases and services compliant with them, which is the main purpose of the GDPR extension for Magento 2.

It allows you to closely track the status of customers with or without consent and to delete customers' personal data; it allows customers to request a copy of the stored data and to ask for the information to be deleted.

First of all, the module ensures that all the customers, including guests, provide their consent on registration and checkout pages.

Second, you can track the status of your customers in one place in the backend, export the lists of customers with no consents, and follow up with them by any means.

Third, you can receive and process the requests to obtain and erase personal data from multiple customers.


Solution. The functionality described above allows you to quickly arrange personal data according to GDPR, change privacy policy terms following legislation changes, and keep it compliant with any imposed data protection terms.


Goal. Provide your customers with access to their personal data according to the GDPR requirements.


Solution. Even several extra tickets submitted to your help desk put unwanted strain on the support department. So, if you start receiving dozens of personal data access requests a day, it may overload the team and bring the whole process to a halt.

It is a different matter if shoppers ask for their personal data directly from their accounts and do not affect the work of your customer service. Then you can easily filter all requests of that kind and export them in one list to use in third-party solutions to follow up with customers, download the corresponding data, and send it to customers at one time.

Personal data can be delivered in two ways:

  • Right of access - customers can request a copy of their personal data in PDF;
  • Right of data portability - data can be obtained in the machine-readable format (XML).

Data access requests are verified by email, so you can weed out malicious requests. In addition, the provided API makes it possible to take data from the third-party applications involved.


Result. The customer service is not overloaded with irrelevant inquiries and is able to provide the same high level of service. Meanwhile, you can organize the work of your support department to satisfy requests of your customers within a legitimate timeframe defined by GDPR (30 calendar days).


Goal. Allow customers to delete their information stored in your databases according to the GDPR requirements.


Solution. Art. 17 of GDPR is clear about the right to erase someone's personal data wherever it is stored: “The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay..”

There are several reasons for the erasure, but the opportunity to withdraw the consent makes this case applicable to almost any situation. So, in order to successfully resolve the issue, you need to collect and process erasure requests effectively, which is the very functionality provided by the GDPR extension.

To exercise the “right to be forgotten”, customers can use the Delete My Account button in their accounts. The Removal Requests grid in the backend contains all the submitted delete requests. Magento admins are able to delete the corresponding data right there (except the order information, as it is subject to local legislation) and export the list of requests to be processed in other third-party systems where the personal information may also be stored.

As with the rights of access and data portability, all submitted requests are verified by email, while the API allows extracting data from the third-party solutions involved.

Result. This way, you can erase the personal data requested to be deleted or any other customer information you don’t want to be stored. The whole process takes only several minutes and is not going to be irksome for your staff.


Goal. Make your customers understand how their data is used and amend your privacy policy according to the changing legal environment.

Solution. Legislation is not immutable and usually follows changes in the technology landscape, so you should adapt to them in a timely manner. Imagine that all your customers have actually given you permission to use their personal data, but now you need to change your privacy policy according to GDPR.

So, now the given consents are not valid anymore and you need to get them again, which is very embarrassing. However, the GDPR extension is able to make the process much faster and simpler.

As soon as you alter the content of your privacy policy CMS page, you can reset the statuses of customers that gave the consent previously in one click with the Save and Reset the Consent option. Now, customers need to agree to the new terms.

The status of customers related to the new policy terms is tracked via the Consent Relevance grid, which also contains the date when the latest consent was provided by customers.

Result. The process of becoming compliant with the latest legislation changes becomes much simpler, more manageable, and trackable.

Magento 2 GDPR Detailed Feature List

Customer Account Area

  • Customers can ask to access and delete their personal info
  • Accounts will be deleted together with incomplete orders and abandoned carts
  • Customer verification by email
  • Email template for data access request

Customer Base Management

  • Track the customers with and without consents
  • Export the lists of customers with no consents
  • Erase the customers’ personal data (id, name, and email address)
  • Monitor customer removal requests
  • Track the data access requests
  • Export the requests to remove data and data access requests

Data Protection Policy Consent

  • Ask customers to provide data protection policy consents on registration pages
  • Ask guest customers to provide data protection policy consents on checkout pages
  • Ask existing customers to provide data protection policy consents using dedicated popups

Change Data Protection Policy

  • Change data protection policy and ask customers to agree with the new terms
  • Reset the consents provided for the previous data protection policy version
  • Monitor customer consents to the latest data protection policy version
  • 1.1.6
    Released 30.04.2024
    * Composer update
  • 1.1.5
    Released 13.09.2023
    * Fixed issue with recording guest consent
  • 1.1.4
    Released 10.05.2023
    * Fixed issue with adding products to the cart after customer account deletion
    * Fixed issue with saving a customer that does not have an entry in the aw_gdpr_consent table
  • 1.1.3
    Released 09.06.2022
    + Compatibility with Magento 2.4.4
    + Declarative schema upgrade
    * Fixed issue with Actions in the Consent Relevance grid for Magento 2.4.4
    * Fixed issue with the Consent Relevance grid when applied filters are cleared for Magento 2.4.4
  • 1.1.2
    Released 16.06.2021
    * Fixed issue for Magento Marketplace
    * Fixed issue with ACL
  • 1.1.1
    Released 10.03.2021
    * Fixed issue for Magento Marketplace
  • 1.1.0
    Released 24.02.2021
    + Save various versions of Privacy Policy
    + Allow customers to download their personal data automatically
    + Email template for data access request
    + UI, UX improvements
    + Web API update
  • 1.0.3
    Released 22.05.2020
    * When new Store View is enabled, "Consent Relevance" page isn't opened
    * Welcome message is present on Storefront after removal request is complete
    * Fixed issue when Consent Popup does not appear on checkout
  • 1.0.2
    Released 21.10.2019
    + Compatibility with mpdf version 8
    * Error occurs on an attempt to open the "Consent Relevance" grid (Magento Commerce 2.3.2)
    * Fixed issue with 'PayPal Express Checkout'
    * Fixed issue when data are not entirely removed
  • 1.0.1
    Released 06.02.2019
    + Magento 2.3 compatibility
  • 1.0.0
    Released 18.06.2018
    * Initial release
