Child pages
  • GDPR - Magento 2

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Section

Extension Settings

The Configuration page of the extension (Stores > Configuration > Aheadworks Extensions > GDPR) includes two sections: General and Email Settings.

The Data Protection Policy page of the General section allows you to determine a privacy policy CMS page to be used as a destination of the Privacy Policy link displayed on the registration page and consent confirmation popup.

The Email Settings section contains the following configuration options:

  • Sender - a contact to be used as a sender for request confirmation emails;
  • Removal Confirmation Email Template - an email template to be used for personal data removal requests;
  • Data Access Confirmation Email Template - an email template to be used for personal data access requests.

That's it. The configuration is done.

Data Access Requests

As soon as information access requests are verified by email they appear in the Data Access Requests grid for further processing by Magento Admins. The grid is located on the corresponding page (Customers > GDPR by Aheadworks > Data Access Requests) and includes the following columns:

  • Customer ID - ID of a customer;
  • Name - customer's name;
  • Email - customer's email;
  • Status - request status. Available options include: Pending, Processing, Completed, Canceled;
  • Created At - date and time of the request submission;
  • Resolved At - resolution date and time;
  • Actions - the column contains an active link, which allows Magento admins to change the status of a request or download customer information in PDF (human-readable format) or XML (machine-readable format).

 

Info

The above formats, in fact, are intended for different purposes and exercise two different GDPR rights. PDF allows customers to access their personal information, while XML allows customers to make data portable and transfer it to other solutions or applications.

In addition to the Actions column, request statuses can be changed massively using the Actions drop-down.

Developer Notes: Data Export

Info
width100%

Export of the Data Stored in Third-party Applications

  • Add the following code lines to the etc/di.xml file:
Panel
borderStylesolid
borderWidth2px
<type name="Aheadworks\Gdpr\Model\Service\CustomerDataCollector">
        <arguments>
            <argument name="dataCollectors" xsi:type="array">
                <item name="your_module_data" xsi:type="array">
                    <item name="module" xsi:type="string">Vendor_YourModule</item>
                    <item name="collector" xsi:type="string">
                           Aheadworks\Gdpr\Model\Service\CustomerDataCollector\YourModuleDataCollector
                    </item>
                    <item name="position" xsi:type="number">150</item>
                </item>
            </argument>
        </arguments>
</type>
<virtualType name="Aheadworks\Gdpr\Model\Service\CustomerDataCollector\YourModuleDataCollector" type="Aheadworks\Gdpr\Model\Service\CustomerDataCollector\DataCollector">
        <arguments>
            <argument name="title" xsi:type="string">Your Module Information</argument>
            <argument name="dataProcessor" xsi:type="string">
                   Vendor\YourModule\Model\YourModuleDataProcessor
            </argument>
        </arguments>
</virtualType>

 

  • And create the data processing Vendor\YourModule\Model\YourModuleDataProcessor.php file as follows:
Panel
borderStylesolid
borderWidth2px
width50%
<?php
namespace Vendor\YourModule\Model;

use Aheadworks\Gdpr\Model\Service\CustomerDataCollector\DataProcessorInterface;
use Magento\Customer\Api\Data\CustomerInterface;

/**
 * Class YourModuleDataProcessor
 * @package Vendor\YourModule\Model
 */
class YourModuleDataProcessor implements DataProcessorInterface
{   
    /**
     * Get your module data
     *
     * @param CustomerInterface $customer
     * @param int|null $storeId
     * @return array
     */
    public function getData($customer, $storeId)
    {
        return [
            'test' => 'Message',
            'items' => [
                'item_1' => 'Item 1',
                'item_2' => 'Item 2',
                'item_3' => 'Item 3',
            ]
        ];
    }
}

Removal Requests

The same way customers may ask to delete own personal information, still, these requests are collected in the Removal Requests grid located at Customers > GDPR by Aheadworks > Removal Requests. The table has absolutely the same columns and the only thing changed is that the Actions column of the grid only allows Magento admins to manage request statuses.

Info

The grid is related to the right of customers to erase own personal information used by the merchant.

Consent Relevance

As soon as Magento merchants receive requests to delete some personal data, they can do this on the Consent Relevance page. The corresponding grid contains a list of all customers, including guest ones, and allows admins to anonymize customer data in one click. Additionally, on this page, Magento admins are able to track and manage consent statuses of customers. Still, let's start from the beginning.

The Consent Relevance grid is located at Customers > GDPR by Aheadworks > Concent Relevance and contains the following columns:

  • Customer ID, Name, Email - the same columns described previously;
  • Latest Consent Date - the date and time a consent was provided last time;
  • Relevant Consent - the status of a consent considered to be relevant or not. Includes two options: Yes and No;
  • Actions - an active link that allows erasing personal data and anonymizing a customer.

In addition to the Active column, Magento admins can also use the Actions drop-down to massively anonymize selected customer data.

The Consent Relevance page also includes the Reset Consent button, which resets all eligible consent statuses to 'No' so you need to collect them once again. If all the consents are reset, all existing customers have to provide their consents once again the way it's explained in the GDPR Frontend Use section of this guide.

Developer Notes: Data

Deliting

Deleting

Info
width100%

Deleting data from Third-party Applications

In case if the data in the third-party application and Magento customer table are connected (Foreign Key), you don't need to do anything at all, as soon as the data is going to be deleted automatically (recommended). Otherwise, you need to add own "eraser" using the etc/di.xml file. The Eraser should use the Aheadworks\Gdpr\Model\Service\CustomerDataEraser\DataEraserInterface interface:

Panel
borderStylesolid
borderWidth2px
<type name="Aheadworks\Gdpr\Model\Service\CustomerDataEraser">
        <arguments>
            <argument name="dataErasers" xsi:type="array">
                <item name="Vendor_YourModule" xsi:type="string">Vendor\YourModule\Model\YourModuleEraser
                </item>                
            </argument>
        </arguments>
</type>

 

You can also use the following events:

Panel
borderStylesolid
borderWidth2px
width50%
"aw_gdpr_customer_data_delete_before", params: customer_id
"aw_gdpr_guest_data_delete_after", params: customer_id
"aw_gdpr_guest_data_delete_before", params: email, store_ids
"aw_gdpr_guest_data_delete_after", params: email, store_ids

UI Button
titleProduct Page
colororange
urlhttps://ecommerce.aheadworks.com/magento-2-extensions/gdpr/
sizelarge

...