The Configuration page of the extension (Stores > Configuration > Aheadworks Extensions > GDPR) includes two sections: General and Email Settings.
The Email Settings section contains the following configuration options:
- Sender - a contact to be used as a sender for request confirmation emails;
- Removal Confirmation Email Template - an email template to be used for personal data removal requests;
- Data Access Confirmation Email Template - an email template to be used for personal data access requests.
That's it. The configuration is done.
Data Access Requests
As soon as information access requests are verified by email they appear in the Data Access Requests grid for further processing by Magento Admins. The grid is located on the corresponding page (Customers > GDPR by Aheadworks > Data Access Requests) and includes the following columns:
- Customer ID - ID of a customer;
- Name - customer's name;
- Email - customer's email;
- Status - request status. Available options include: Pending, Processing, Completed, Canceled;
- Created At - date and time of the request submission;
- Resolved At - resolution date and time;
- Actions - the column contains an active link, which allows Magento admins to change the status of a request or download customer information in PDF (human-readable format) or XML (machine-readable format).
The above formats, in fact, are intended for different purposes and exercise two different GDPR rights. PDF allows customers to access their personal information, while XML allows customers to make data portable and transfer it to other solutions or applications.
In addition to the Actions column, request statuses can be changed massively using the Actions drop-down.
Developer Notes: Data Export
Export of the Data Stored in Third-party Applications
- Add the following code lines to the etc/di.xml file:
<argument name="dataCollectors" xsi:type="array">
<item name="your_module_data" xsi:type="array">
<item name="module" xsi:type="string">Vendor_YourModule</item>
<item name="collector" xsi:type="string">
<item name="position" xsi:type="number">150</item>
<virtualType name="Aheadworks\Gdpr\Model\Service\CustomerDataCollector\YourModuleDataCollector" type="Aheadworks\Gdpr\Model\Service\CustomerDataCollector\DataCollector">
<argument name="title" xsi:type="string">Your Module Information</argument>
<argument name="dataProcessor" xsi:type="string">
- And create the data processing Vendor\YourModule\Model\YourModuleDataProcessor.php file as follows:
* Class YourModuleDataProcessor
* @package Vendor\YourModule\Model
class YourModuleDataProcessor implements DataProcessorInterface
* Get your module data
* @param CustomerInterface $customer
* @param int|null $storeId
* @return array
public function getData($customer, $storeId)
'test' => 'Message',
'items' => [
'item_1' => 'Item 1',
'item_2' => 'Item 2',
'item_3' => 'Item 3',
The same way customers may ask to delete own personal information, still, these requests are collected in the Removal Requests grid located at Customers > GDPR by Aheadworks > Removal Requests. The table has absolutely the same columns and the only thing changed is that the Actions column of the grid only allows Magento admins to manage request statuses.
The grid is related to the right of customers to erase own personal information used by the merchant.
As soon as Magento merchants receive requests to delete some personal data, they can do this on the Consent Relevance page. The corresponding grid contains a list of all customers, including guest ones, and allows admins to anonymize customer data in one click. Additionally, on this page, Magento admins are able to track and manage consent statuses of customers. Still, let's start from the beginning.
The Consent Relevance grid is located at Customers > GDPR by Aheadworks > Concent Relevance and contains the following columns:
- Customer ID, Name, Email - the same columns described previously;
- Latest Consent Date - the date and time a consent was provided last time;
- Relevant Consent - the status of a consent considered to be relevant or not. Includes two options: Yes and No;
- Actions - an active link that allows erasing personal data and anonymizing a customer.
In addition to the Active column, Magento admins can also use the Actions drop-down to massively anonymize selected customer data.
The Consent Relevance page also includes the Reset Consent button, which resets all eligible consent statuses to 'No' so you need to collect them once again. If all the consents are reset, all existing customers have to provide their consents once again the way it's explained in the GDPR Frontend Use section of this guide.
Developer Notes: Data Deliting
Deleting data from Third-party Applications
In case if the data in the third-party application and Magento customer table are connected (Foreign Key), you don't need to do anything at all, as soon as the data is going to be deleted automatically (recommended). Otherwise, you need to add own "eraser" using the etc/di.xml file. The Eraser should use the Aheadworks\Gdpr\Model\Service\CustomerDataEraser\DataEraserInterface interface:
<argument name="dataErasers" xsi:type="array">
<item name="Vendor_YourModule" xsi:type="string">Vendor\YourModule\Model\YourModuleEraser
You can also use the following events:
"aw_gdpr_customer_data_delete_before", params: customer_id
"aw_gdpr_guest_data_delete_after", params: customer_id
"aw_gdpr_guest_data_delete_before", params: email, store_ids
"aw_gdpr_guest_data_delete_after", params: email, store_ids
|title||Product Page |