GDPR | User Manual
- Installing GDPR
- Uninstalling Magento 2 GDPR
- Introduction Magento 2 GDPR
- Magento 2 GDPR On Frontend
- Developer Notes: Consent Popup Integration
- On Backend - Magento 2 GDPR
The Magento 2 GDPR extension allows Magento merchants to collect customer consents on registration, checkout, and other pages. The module also lets merchants honor customers' rights to access, copy, transfer, and erase personal data processed by the store and related third-party extensions. Customers can access, copy, and delete personal information in one click from their customer accounts, while the verification process helps Magento merchants confirm the eligibility of submitted requests.
Compatibility: Magento Open Source 2.3.X, Magento Commerce 2.3.X
Installing mPDF Library
Before generating customer information in PDF, you need to install the mPDF library by executing the following command at the command prompt:
composer require mpdf/mpdf
Command Line Installation
1. Back up your web directory and store database
2. Download the GDPR installation package
3. Upload the contents of the GDPR installation package to your store root directory
4. In the SSH console of your server, navigate to your store root folder:
Run the following commands:
php -f bin/magento module:enable Aheadworks_Gdpr
php -f bin/magento setup:upgrade
php -f bin/magento setup:static-content:deploy
5. Flush store cache; log out from the backend and log in again
Make sure the installation is done from the FTP administrator account. Otherwise, set 775 permissions to the store root directory after the extension is deployed.
If you are installing an extension from Aheadworks for the first time, you need to add our composer repository to your Magento store:
1. Log in to your SSH console and navigate to your store folder:
Run the following command:
composer config repositories.aheadworks composer https://dist.aheadworks.com/
After the command has executed successfully, you can use Composer to install the products.
To install the extension:
2. Log in to your SSH console and navigate to your store folder:
3. Run the following command to install the latest version of the extension:
composer require aheadworks/module-GDPR
If you need to install a specific version, run this command:
composer require aheadworks/module-GDPR:<version>
Specify the version of the extension in <version>
When prompted, enter Public Key (Username) and Private Key (Password):
Both Public Key (Username) and Private Key (Password) can be found in My Projects and Licenses in your personal account on our site:
4. Enable the extension:
php -f bin/magento module:enable <Module_Name>
Add the product name in <Module_Name>
Next, register the extension:
Recompile your Magento store if you are in the Production mode:
To verify that the extension is enabled, run this command:
Clean the store cache by running the following command:
Log out and log in to the backend again.
To upgrade the extension:
5. To update or upgrade an extension:
Download the updated extension file. Take note of the module-name and version. Export the contents to your Magento root.
If a composer package exists for the extension, run one of the following.
Update per module name:
composer update aheadworks/module-GDPR
Update per version:
composer require aheadworks/module-GDPR:<version>
Run the following commands to upgrade, deploy, and clean the cache.
php bin/magento setup:upgrade --keep-generated
Uninstalling Magento 2 GDPR
1. Disable the module by executing the following commands:
php bin/magento module:disable Aheadworks_Gdpr
2. Remove the extension files from the following folder:
Automatic Removal (via Composer)
1. Disable the module by executing the following commands:
php bin/magento module:uninstall Aheadworks_Gdpr
Introduction Magento 2 GDPR
The present extension brings forth the following features:
- The dedicated functionality enables you to comply with most essential GDPR requirements, including the right of customers to access, copy, transfer, and delete their personal data;
- Customers are able to request access to personal data from My Account in one click;
- The implemented verification technique allows you to reduce fraudulent data requests;
- The extension allows you to split up customers with and without consents and manage each group individually;
- The extension API allows you to get and erase data from third-party apps.
The latest version (1.1.0) of the extension allows the following:
- REST API support
- Automatic processing of requests to delete and receive data with administrator notification
- Versioning of policy pages (with a ban on deleting and editing in some cases)
- Binding a CMS page to consent
Magento 2 GDPR On Frontend
New Customer Consents
Customers who want to make their first purchase in a store provide their consent either on the Registration or Checkout pages.
To do so, on the Registration page, customers tick the dedicated checkbox.
The following issue was reported on Magento 2.4.1 and 2.3.6:
Given: The Customer creates a new account and inputs an incorrect value to a field on the form. For example, leaves First Name or Last Name empty, or does not give the GDPR consent.
Result: The Create an Account button becomes disabled and cannot be enabled.
Customers cannot submit personal information without ticking the check box or clicking on the I Agree button. Customers' data is not recorded to databases until the consent is given.
In case the Customer wants to provide his/her consent at a later time and clicks the 'Ask me later...' link, he/she is taken to the home page of the store to continue shopping.
Integration with One Step Checkout
Developer Notes: Consent Popup Integration
Consent Popup Integration
By default, the consent popup works on native Magento checkout pages and on checkout pages created by the Smart One Step Checkout extension by Aheadworks. You can integrate it with any other checkout application the same way by changing the route to it in etc/di.xml.
Existing Customer Consents
Existing customers provide their consent at the moment they enter their accounts in your store. Immediately after signing into the store, they will see the same pop-up asking them to provide the consent.
Accessing and Erasing Data
In addition to providing their consent, customers have the right to access, copy, transfer and delete their personal information. Customers do that in My Account in the Account Information section. The section contains two buttons: Delete My Account and Get My Data. As soon as the Customer clicks on one of the buttons, a verification email is sent to the Customer's inbox. The email prompts the Customer to confirm the request. Confirmed requests appear on the Backend.
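One way an email-confirmed request flow like the one above can be built, shown as an added PHP example that is not Aheadworks code. The class RequestVerifier, its methods, the 'removal' and 'access' type names and the in-memory store are hypothetical; only the Pending status name comes from this manual.

```php
<?php
// Added illustration, not Aheadworks code: RequestVerifier and its methods are hypothetical.
final class RequestVerifier
{
    private $ttl;
    private $pending = []; // token hash => request row; stands in for a database table

    public function __construct(int $ttlSeconds = 86400)
    {
        $this->ttl = $ttlSeconds;
    }

    // Customer clicked "Delete My Account" ('removal') or "Get My Data" ('access').
    public function create(int $customerId, string $type, int $now): string
    {
        if (!in_array($type, ['removal', 'access'], true)) {
            throw new InvalidArgumentException('unknown request type');
        }
        $token = bin2hex(random_bytes(32)); // unguessable value placed in the email link
        // Store only a hash, so a leaked table does not yield usable links.
        $this->pending[hash('sha256', $token)] = [
            'customer_id' => $customerId,
            'type'        => $type,
            'expires_at'  => $now + $this->ttl,
        ];
        return $token;
    }

    // Customer opened the emailed link. Returns the confirmed request, or null.
    public function confirm(string $token, int $now): ?array
    {
        $key = hash('sha256', $token);
        if (!isset($this->pending[$key])) {
            return null; // unknown, forged, or already used token
        }
        $row = $this->pending[$key];
        unset($this->pending[$key]); // single use: a replayed link is rejected
        if ($now > $row['expires_at']) {
            return null; // stale link
        }
        return $row + ['status' => 'Pending']; // ready to be listed for the Admin
    }
}
// Constructed sample run: first click, replayed link, expired link.
$verifier = new RequestVerifier(3600);
$token = $verifier->create(42, 'removal', 1000);
var_dump($verifier->confirm($token, 2000));
var_dump($verifier->confirm($token, 2001));
var_dump($verifier->confirm($verifier->create(42, 'access', 1000), 9000));
```

The request reaches the admin grid only after the token round trip succeeds, so a request submitted from a hijacked session still needs access to the customer's mailbox.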
On Backend - Magento 2 GDPR
To configure the extension, go to Stores > Configuration > Aheadworks Extensions > GDPR. The page features two sections: General and Email Settings.
The following options are available in the General section:
- Enable automatic processing of data removal and data access requests - set to Yes to allow customers to delete their accounts without the involvement of the Admin; if set to No, the Admin has to manually send documents via email
The following options are available in the Email Settings section:
- Sender - the Store User to be the Sender of the request confirmation emails sent to customers
- Removal Confirmation Email Template - the email template to be used for personal data removal requests
- Data Access Confirmation Email Template - the email template to be used for personal data access requests
- Enable admin notifications upon the events - select the requests for notifications to be sent to the Admin
- Send admin notifications to - specify the Store User to receive the above notifications
- Data removal request email template - the template for the emails sent to the Admin on customers submitting data removal requests
- Data access request email template - the template for the emails sent to the Admin on customers submitting data access requests
The grid comes with the following columns:
- Store View - the store view to contain the cms page
- Actions - click on the View active link to open the Edit [Page Name] page
- the number is unique within a store view (e.g. the same set of rules in different languages is considered to be the same PP version).
- if the version is not set, the extension does not track its uniqueness: there can be multiple PP assigned to the same store view without any version number.
- the number can consist of letters, numbers, dots, commas, underscores and hyphens.
The same applies when there is already a page set for a whole website and the Admin wants to set the PP page for a store view within this website. In this case, for a given store view, the Admin needs to specify a new version.
Data Access Requests
As soon as data access requests are verified by email, they appear in the Data Access Requests grid for further processing by the Admin. Go to Customers > GDPR by Aheadworks > Data Access Requests to find the grid.
The Data Access Requests grid includes the following columns:
- Customer ID - ID of a customer;
- Name - customer's name;
- Email - customer's email;
- Status - request status. Available options include: Pending, Processing, Completed, Canceled;
- Created At - date and time of the request submission;
- Resolved At - resolution date and time;
- Actions - the column contains an active link, which allows Magento admins to change the status of a request or download customer information in the PDF (human-readable) and XML (machine-readable) file formats.
The above formats are intended for different purposes and exercise two different GDPR rights. PDF allows customers to access their personal information, while XML allows customers to make data portable and transfer it to other solutions or applications.
In addition to the Actions column, request statuses can be changed in bulk using the Actions box.
Developer Notes: Data Export
Export of the Data Stored in Third-party Applications
In the same way, customers may ask to delete their own personal information; these requests are collected in the Removal Requests grid located under Customers > GDPR by Aheadworks > Removal Requests. The grid has the same columns as the previous one. The only difference is that the Actions column in the grid only allows Magento admins to manage request statuses. The same actions can be performed in bulk from the Actions box above the grid.
Once the customer's data removal request has been approved, his/her personal data is erased from the store. The data includes the customer's ID, Name, and Email.
On receipt of a request to delete the data of the Customer, the Admin refers to the Consent Relevance page. The Consent Relevance grid contains a list of all customers, including the guest ones. The grid allows the Admin to anonymize customer data in one click. Additionally, on this page, the Admin can track and manage the consent statuses of the customers.
The Consent Relevance grid is located in Customers > GDPR by Aheadworks > Consent Relevance. The grid contains the following columns:
- Customer ID, Name, Email - the ID, name and email of the customer
- Latest Consent Date - the date and time of the latest consent as signed by the Customer
- Relevant Consent - the status of the consent considered to be relevant or not. Includes two options: Yes and No
- Actions - click on the Select selector and apply the Erase Customer action to erase the personal data of the Customer.
The customer whose data is erased gets anonymized. This means that his/her personal data in the grid is now hidden behind asterisks in the ID, Name, and Email columns, correspondingly. However, his/her orders remain recorded in the store's database, though marked as guest-orders. These orders can be stored for a period determined by a local law.
To anonymize customer data in bulk, in addition to the Actions column, the Admin can also use the Actions box above the grid.
Note that in M2 GDPR version 1.1.0 customers' data are not displayed in the Consent Relevance grid in the following cases:
The Consent Relevance page also includes the Reset Consent button, which resets all eligible consent statuses to 'No'. This is useful when the Admin needs to collect consents once again. If all the consents are reset, all the customers have to provide their consents once again.
Developer Notes: Data Deleting
Deleting data from Third-party Applications
If the data in the third-party application and the Magento customer table are connected (Foreign Key), you don't need to do anything at all, because the data is going to be deleted automatically (recommended). Otherwise, you need to add your own "eraser" using the etc/di.xml file. The eraser should implement the Aheadworks\Gdpr\Model\Service\CustomerDataEraser\DataEraserInterface interface:
You can also use the following events:
You can always find the latest version of the software, full documentation, demos, screenshots, and reviews on http://aheadworks.com
License agreement: https://aheadworks.com/end-user-license-agreement
Contact Us: https://aheadworks.com/contact
Copyright © 2021 Aheadworks Co. http://www.aheadworks.com