Amasty GDPR Magento 2 Extension

- E-Commerce, Magento 2

On May 25, 2018, the GDPR regulations came into force, implying new requirements on personal data collection and management that ecommerce businesses have to follow. With the Amasty GDPR extension for Magento 2, merchants will get all necessary tools to make their web stores compliant with the GDPR legislation and collect and process customers’ data most transparently and efficiently.

Let’s see in detail what functionality the Magento 2 module provides.


Download / Buy Amasty GDPR Magento 2 Extension

  • Adaptable privacy policy

With the GDPR Magento 2 module, you can create multiple privacy policies depending on the area where you operate your ecommerce business. In this way, you can be sure that your data privacy policy complies with the local legal requirements. Also, privacy policies can be changed according to the modifications in the GDPR regulations. Using the extension’s functionality, you can create as many policy versions and texts as you need and update them when required.

  • Customer consents management

The Amasty GDPR module adds a dedicated checkbox to registration and checkout pages of your website so that both new customers and guest visitors can give their consent to the data privacy policy. Besides, you can create mailing lists and use them to send privacy policy consent requests or policy updates to your customers in bulk.

  • Configurable popups for collecting user consents

The module provides store owners with a beautiful popup window that can be used to ask visitors for data processing consents in a subtle way without too much disturbing. Later, customer consents can be used for Google and Facebook remarketing, marketing automation, A/B testing, and more.

  • Consents grids

In the backend, Magento admins can manage customers with and without privacy policy consent via two separate grids, as well as send email requests and export customers lists.

  • Delete requests management

The GDPR module by Amasty also provides a grid for managing delete requests, as it is the customers’ right granted by the GDPR regulations. Admins decide whether to approve such requests or refuse them.

  • Extended customer account area

Customers get new options in their accounts enabling them to download (via CSV file), anonymize (irreversible action), and request to delete personal details.


First, let’s go to the page where you can manage your privacy policy documents. The Privacy Policy grid is located under Customers → GDPR → Privacy Policy.

The grid consists of the following columns:

  • ID;
  • Date Created;
  • Version Number;
  • Last Edited;
  • Last Edited By;
  • Comment;
  • Status (Disabled, Enabled);
  • Action (Edit).

It is possible to apply filters and sorting to the grid, as well as to delete documents in bulk. By selecting Edit in the Action column, you can modify an existing privacy policy.

You can also create a new privacy document here by clicking the Add New Policy button. On the New Privacy Policy screen, you should specify the title of the document in the Comment field and the policy version, enable/disable the policy, and create the content for the document in the Policy WYSIWYG editor.

As for the management of customer consents, the Amasty GDPR extension provides admin users with two separate grids. First, let’s see how the Customers With Consent grid looks. The grid gathers the data on the customers who accepted the privacy policy and shows a customer’s name, email, the date of giving consent, and the version of the policy document he or she agreed. You can use Email Consequent Request action to send requests for accepting the new policy version to selected customers.

To see which customers didn’t accept your privacy policy, navigate to Customers → GDPR → Customers Without Consent. In the grid, you can view customers’ names, emails, and country. If you select Email Consent Request in the Actions drop-down, the module will send requests to agree to the privacy policy to selected customers.

There is also the Customers Consents Email Queue grid where admins can check statuses of sent emails.

As for the mentioned before delete requests management, the appropriate grid shows the date when a request was submitted, customer name and email, and quantity of completed and pending orders. As for the Actions menu, here you can decide whether you want to approve or deny an account removal request.

One more grid provided by the Amasty GDPR Magento 2 extension is related to actions logging. The Action Log grid includes all activity of your website visitors connected to privacy policy consents and GDPR part in their accounts.

As for the main settings, the GDPR Magento 2 module’s configuration is divided into two sections: Geo Ip Data and GDPR. In Geo Ip Data, you can download and import Geo IP database, so that the location of your store users will be identified.

The GDPR section is divided into four tabs: Anonymisation Notifications, Account Deletion Notifications, Consent Request Notifications, and Privacy Checkbox.

In the first three tabs, you should select an email sender and email template for three types of notifications separately.

In Privacy Checkbox, you can enable display of the privacy policy consent checkbox only for EU countries, specify the text shown next to the consent checkbox, and decide whether to add the checkbox to registration and checkout pages.

Now, let’s see how the GDPR extension communicates with the frontend users of your web store.


As we have already described, you can add a checkbox to let customers give consent to the privacy policy on the registration and checkout pages.

Below, you can see how the checkbox looks on the registration page:

If a customer doesn’t want to fill in the registration form, they can also accept privacy policy on the checkout page:

By clicking “privacy policy” link next to the checkbox, a user will open the privacy policy document in a new window.

After installing the GDPR module, customer account area gets a new section – Privacy Settings. Here users can download their personal details in a CSV file, anonymize their personal data, and send requests to delete their accounts.

Anonymization of personal data changes how it looks in the account information by substituting customer’s contact and address details with the random sequence of symbols.

Recent Updates

Magento 2 GDPR 1.2.1

  • Possibility to edit the list of EU countries in the admin panel was implemented.
  • New option: the cookie policy bar can be placed at the top of the screen.
  • Possibility to switch on/off anonymization, deletion, and download actions of personal data for customers was added.
  • Now it is possible to place Privacy Policy confirmation checkboxes on the “Contact Us” and “Newsletter Subscription” forms.
  • New feature: personal data of an order made by a guest can be anonymized now.

Magento 2 GDPR 1.1.7

  • Now it is possible to adjust the style of the cookie policy bar.
  • The cookie policy bar can be managed in the backend now.
  • New option: possibility to disallow optional cookies.

Final Words

The Amasty’s new module for GDPR compliance brings merchants a comprehensive toolset to follow the latest EU legislation requirements. With the module’s features, you are enabled to collect, process and store customers’ personal data most properly and effectively. The price of the Magento 2 extension is $199 with free lifetime updates and 90 days of free support included.

Download / Buy Amasty GDPR Magento 2 Extension