Magento 2 GDPR extension allows Magento merchants to collect customer consents on registration, checkout, and other pages. Even more, the module allows providing customers with their right to access, copy, transfer, and erase personal data processed by the store and related third-party extensions. Customers are able to access, copy, and delete personal information in one click from customer accounts, while the verification process makes Magento merchants sure about the eligibility of submitted requests.
Compatibility: Magento Open Source 2.2.X, Magento Commerce 2.2.X
Thank you for choosing Aheadworks!
Installing mPDF Library
Before generating customer information in PDF, you need to install the mPDF library executing the following command at the command prompt:
Command Line Installation
What Makes the Extension Different
- The dedicated functionality enables you to comply with most essential GDPR requirements, including the customers right to access, copy, transfer, and delete their personal data;
- Customers are able to request access or deletion of personal data from their customer accounts in one click;
- The implemented verification allows you to reduce fraudulent data requests;
- The extension allows you to split up customers with and without consents and manage each group individually;
- The extension API allows you to get and erase data from third-party apps.
GDPR Frontend Use
New Customer Consents
Those customers who want to make their first purchase in a store provide their consent either on registration or on checkout pages.
Developer Notes: Consent Popup Integration
In case a customer wants to provide the consent later and clicks the 'Ask me later...' link, he is taken to the home page of the store and can finish browsing, if necessary.
Existing Customer Consents
Existing customers provide their consent at the moment they enter their accounts in your store. Immediately after signing in the store, they will see the same pop-up asking them to provide the consent.
Customer Accounts Functionality
Except for the necessity to provide their consents, customers have the right to access, copy, transfer and delete their personal information. They can exercise it right from their customer accounts in the Account Information section. For the purpose, the section contains two buttons: Delete My Account and Get My Data. As soon as they click one of the mentioned buttons, they will receive a verification email allowing them to confirm the request personally. After that, the submitted requests appear in the backend.
The Configuration page of the extension (Stores > Configuration > Aheadworks Extensions > GDPR) includes two sections: General and Email Settings.
The Email Settings section contains the following configuration options:
- Sender - a contact to be used as a sender for request confirmation emails;
- Removal Confirmation Email Template - an email template to be used for personal data removal requests;
- Data Access Confirmation Email Template - an email template to be used for personal data access requests.
That's it. The configuration is done.
Data Access Requests
As soon as information access requests are verified by email they appear in the Data Access Requests grid for further processing by Magento Admins. The grid is located on the corresponding page (Customers > GDPR by Aheadworks > Data Access Requests) and includes the following columns:
- Customer ID - ID of a customer;
- Name - customer's name;
- Email - customer's email;
- Status - request status. Available options include: Pending, Processing, Completed, Canceled;
- Created At - date and time of the request submission;
- Resolved At - resolution date and time;
- Actions - the column contains an active link, which allows Magento admins to change the status of a request or download customer information in the PDF (human-readable) and XML (machine-readable) file formats.
In addition to the Actions column, request statuses can be changed massively using the Actions box.
Developer Notes: Data Export
The same way customers may ask to delete own personal information, still, these requests are collected in the Removal Requests grid located under Customers > GDPR by Aheadworks > Removal Requests. The grid has absolutely the same columns as the previous one. The only difference is that the Actions column in the grid only allows Magento admins to manage request statuses. The same actions can be performed massively from the Actions box above the grid.
Once the customer's data removal request has been approved, his/her personal data is erased from the store. The data includes the customer's ID, Name, and Email.
As soon as Magento merchants receive requests to delete some personal data, they can do this on the Consent Relevance page. The corresponding grid contains a list of all customers, including guest ones, and allows admins to anonymize customer data in one click. Additionally, on this page, Magento admins are able to track and manage consent statuses of customers. Still, let's start from the beginning.
The Consent Relevance grid is located at Customers > GDPR by Aheadworks > Concent Relevance and contains the following columns:
- Customer ID, Name, Email - the same columns described previously;
- Latest Consent Date - the date and time a consent was provided last time;
- Relevant Consent - the status of a consent considered to be relevant or not. Includes two options: Yes and No;
- Actions - contang the Select box that allows erasing the personal data of the customer.
In addition to the Active column, Magento admins can also use the Actions box above the grid to massively anonymize the selected customer data.
The Consent Relevance page also includes the Reset Consent button, which resets all eligible consent statuses to 'No' so you need to collect them once again. If all the consents are reset, all existing customers have to provide their consents once again the way it's explained in the GDPR Frontend Use section of this guide.
Developer Notes: Data Deleting
You can always find the latest version of the software, full documentation, demos, screenshots and reviews at http://ecommerce.aheadworks.com
License agreement: http://ecommerce.aheadworks.com/LICENSE-M1.txt
Contact Us: http://ecommerce.aheadworks.com/contacts/
Copyright © 2019 aheadWorks Co. http://www.aheadworks.com