On May 25, 2018, the GDPR legislation came into force, implying new requirements on personal data collection and management that ecommerce businesses have to follow. With the Amasty GDPR extension for Magento 2, merchants will get all necessary tools to make their web stores compliant with the GDPR legislation and collect and process customers’ data most transparently and efficiently.
Let’s see in detail what functionality the Magento 2 module provides.
- Configurable popups for collecting user consents
The module provides store owners with a beautiful popup window that can be used to ask visitors for data processing consents in a subtle way without disturbing them too much. Later, customer consents can be used for Google and Facebook remarketing, marketing automation, A/B testing, and more.
- Cookie consents
- Customer consents management
- Delete requests management
The GDPR module by Amasty also provides a grid for managing delete requests, as it is the customers’ right granted by the GDPR regulations. Admins decide whether to approve such requests or refuse them.
- Automatic removal of customers’ personal data
You can configure the extension in a way that accounts of customers who were inactive for a specific period will be removed automatically. To avoid tax control issues, you can set a period during which customers’ data should be kept in the recent orders, invoices, shipments, and credit memos after deleting a customer account.
- Extended customer account area
Customers get new options in their accounts that enable them to download (via CSV file), anonymize (irreversible action), and request to delete personal details.
The grid consists of the following columns:
- Date Created;
- Version Number;
- Last Edited;
- Last Edited By;
- Status (Disabled, Enabled);
- Action (Edit).
As for the mentioned before delete requests management, the appropriate grid shows the date when a request was submitted, customer name and email, initiator of the request (customer or automatic procedure), and quantity of completed and pending orders. As for the Actions menu, here, you can decide whether you want to approve or deny an account removal request.
As for the main settings, the GDPR Magento 2 module’s configuration is divided into two sections: Geo Ip Data and GDPR. In Geo Ip Data, you can download and import the Geo IP database, so that the location of your store users will be identified.
The GDPR section is divided into four tabs: General, Customer’s Account Privacy Settings, Personal Data Deletion and Anonymization, and Email Notifications. In the first one, you enable/disable the consent functionality on the frontend and decide whether to clean consents and actions logs automatically. If the auto-cleaning feature is activated, you should set a period in days after which the logged records should be removed.
In the following tab, you can allow customers to download and anonymize their personal data and delete their accounts.
The Personal Data Deletion and Anonymization tab is divided into 2 sections: Automatic Personal Data Deletion and Prevent Data Deletion of Recent Orders. In the first one, you can activate the auto-delete of personal data of customers who didn’t make any orders for a specified period of time.
Another section here lets you disable deleting customers’ data in order-related documents during a specified time interval. Besides, you can define order statuses that will not allow customers to anonymize or delete their personal info.
In Email Notifications, first, select an email sender and email template for notifications sent to customers after they anonymize their data. You can also specify an email address different from the sender’s one for customers’ replies.
Then, you can enable notifications sent to admins when a customer sends a deletion request, choose an email sender and template, and specify addresses of email recipients.
In the same tab, you specify email senders, email addresses for sending replies, and email templates for notifications sent to customers on the approval and denial of their requests.
Now, let’s see how the GDPR extension communicates with the frontend users of your web store.
After installing the GDPR module, the customer account area gets a new section – Privacy Settings. Here, users can download their personal details in a CSV file, anonymize their data, and send requests to delete their accounts.
Anonymization of personal data changes how it looks in the account information by substituting customer’s contact and address details with the random sequence of symbols.
Magento 2 GDPR 2.0.2
- The ability to create multiple consent checkboxes and place them separately on various website pages was introduced.
- A new option was added to the admin area: the ability to download customer’s personal data in the CSV format.
- The auto-delete feature of accounts of customers who didn’t make orders for a specified period of time was added.
- Now it is possible to show or hide dedicated checkboxes after a website visitor gave consent.
- Now the number of new delete requests is displayed in the sidebar menu in the Magento Admin.
- Now it is possible to process delete requests via API.
- “Customers with consent” and “Customers without consent” grids were removed.
Magento 2 GDPR 1.6.6
- Improvements in the Geo IP Data module: unit tests were added, and the code was refactored.
Magento 2 GDPR 1.5.6
- A dedicated cookie settings page was added to the frontend.
- The setting allowing to enable/disable the extension was added.
Magento 2 GDPR 1.4.8
- Cookies functionality was improved with Ajax, which leads to no page reloads after performing actions with cookies on the frontend.
- The cookie consents grid was added to the Magento Admin.
Magento 2 GDPR 1.3.0
- Now it is possible to revoke the cookie consent.
- Now, store admins can restrict access to the website before cookie consent is given by a customer.
- Settings for sending admin notifications on the delete requests submitted by customers were added.
- The “Customers with consent” grid was extended with new columns.
Magento 2 GDPR 1.2.2
- Possibility to edit the list of EU countries in the admin panel was implemented.
- Possibility to switch on/off anonymization, deletion, and download actions of personal data for customers was added.
- New feature: personal data of an order made by a guest can be anonymized now.
Magento 2 GDPR 1.1.7
- New option: possibility to disallow optional cookies.
The Amasty’s new module for GDPR compliance brings merchants a comprehensive toolset to follow the latest EU legislation requirements. With the module’s features, you will be able to collect, process, and store customers’ personal data most properly and effectively. The price of the Magento 2 extension is $219, with free lifetime updates and 90 days of free support included.'