Amasty GDPR Magento 2 Extension

On May 25, 2018, the GDPR legislation came into force, implying new requirements on personal data collection and management that ecommerce businesses have to follow. With the Amasty GDPR extension for Magento 2, merchants will get all necessary tools to make their web stores compliant with the GDPR legislation and collect and process customers’ data most transparently and efficiently.

Let’s see in detail what functionality the Magento 2 module provides.

Download / Buy Amasty GDPR Magento 2 Extension

Features

• Adaptable privacy policy

With the GDPR Magento 2 module, you can create multiple privacy policies depending on the area where you operate your ecommerce business. In this way, you can be sure that your data privacy policy complies with the local legal requirements. Also, privacy policies can be changed according to the modifications in the GDPR regulations. Using the extension’s functionality, you can create as many policy versions and texts as you need and update them when required.

• Configurable popups for collecting user consents

The module provides store owners with a beautiful popup window that can be used to ask visitors for data processing consents in a subtle way without disturbing them too much. Later, customer consents can be used for Google and Facebook remarketing, marketing automation, A/B testing, and more.

• Various positions of the privacy policy link on store pages

The Amasty GDPR compliance extension allows placing a link to the privacy policy on any CMS page or in a custom block.

• Multiple checkboxes on various forms for accepting the privacy policy

With the Amasty GDPR module, you can create any number of dedicated checkboxes and add them to the registration, checkout, contact us, and newsletter subscription pages of your website. The Magento 2 module provides flexible settings for adjusting the display of the checkboxes. Besides specifying a suitable position for the consent checkbox, you can create a custom text and insert the privacy policy link into the checkbox text using an appropriate variable. This way, both new customers and guest visitors can give their consent to the data privacy policy.

• Cookie consents

The Magento 2 GDPR extension includes all settings of Amasty Cookie Consent. You can display customizable Cookie Policy popup on the frontend that allows customers to understand which cookies are being collected and decide which of them to accept. It is possible to create different groups for each type of cookies and manage them on a separate grid in the Magento Admin. If a customer changes their mind about given consent to the cookies from a particular group, they will be able to disallow collecting their personal data on the dedicated cookie settings page.

• Customer consents management

The GDPR Magento 2 module logs all customers’ consents, so that your store admins can view and manage them from one place in the Magento backend. One more grid provided by the Amasty GDPR extension is related to actions logging. The Action Log grid includes all activities of your website visitors related to privacy policy consents and GDPR part in their accounts. Furthermore, the GDPR extension allows setting log auto-cleaning after a specified period. 

• Delete requests management

The GDPR module by Amasty also provides a grid for managing delete requests, as it is the customers’ right granted by the GDPR regulations. Admins decide whether to approve such requests or refuse them.

• Automatic removal of customers’ personal data

You can configure the extension in a way that accounts of customers who were inactive for a specific period will be removed automatically. To avoid tax control issues, you can set a period during which customers’ data should be kept in the recent orders, invoices, shipments, and credit memos after deleting a customer account.

• Extended customer account area

Customers get new options in their accounts that enable them to download (via CSV file), anonymize (irreversible action), request to delete personal details, and revoke previously given consents.

Backend

First, let’s go to the page where you can manage your privacy policy documents. The Privacy Policy grid is located under Customers → GDPR → Privacy Policy.

The grid consists of the following columns:

• ID;
• Date Created;
• Version Number;
• Last Edited;
• Last Edited By;
• Comment;
• Status (Disabled, Enabled);
• Action (Edit).

It is possible to apply filters and sorting to the grid, as well as delete documents in bulk. By selecting Edit in the Action column, you can modify an existing privacy policy.

You can also create a new privacy document here by clicking the Add New Policy button. On the New Privacy Policy screen, you should specify the title of the document in the Comment field and the policy version, enable/disable the policy, and create the content for the document in the Policy WYSIWYG editor.

As mentioned above, the Magento 2 GDPR compliance extension allows creating multiple checkboxes on the privacy policy forms. You can view and manage all checkboxes on a separate grid under Customers → GDPR → Consent Checkboxes. The grid shows an ID, name, code, and status of each checkbox, whether it is required or not, gets hidden after a user’s consent, and logged, as well as its location and position. You can edit existing checkboxes, as well as delete selected ones in bulk.    

If you want to add a new consent checkbox, first, you will need to specify its name (visible to admin) and code and enable it to make visible on the frontend. Then, decide whether the checkbox will be marked as required. Here, you also activate/deactivate saving a user’s consent in the Consent Log grid. Next, decide whether to display or hide the checkbox after a customer gives their consent, set the position of the checkbox on the form, and select on which pages of your website it will be located. You should also create a text displayed next to the checkbox, choose a type of the consent link (GDPR Privacy policy or CMS Page), and define to customers from which countries the checkbox will be visible.

As for the management of customer consents, the Amasty GDPR extension provides admin users with a separate grid that collects all customer consents. The grid gathers the following data: a customer’s ID, name, IP address, and email, the date of giving consent or declining the privacy policy, checkbox location and code, the version of the policy document, website, and action (Accept or Decline). You can use mass action to delete selected consents in bulk.

Another grid available in the Magento Admin logs customers’ actions related to approving or declining privacy policy on your webstore pages, as well as requests in regards to GDPR sent from customers’ accounts.

As for the mentioned before delete requests management, the appropriate grid shows the date when a request was submitted, customer name and email, initiator of the request (customer or automatic procedure), and quantity of completed and pending orders. As for the Actions menu, here, you can decide whether you want to approve or deny an account removal request.

As for the main settings, the GDPR Magento 2 module’s configuration is divided into two sections: Geo Ip Data and GDPR. In Geo Ip Data, you can download and import the Geo IP database, so that the location of your store users will be identified.

The GDPR section is divided into four tabs: General, Customer’s Account Privacy Settings, Personal Data Deletion and Anonymization, and Email Notifications. In the first one, you enable/disable the consent functionality on the frontend, activate/deactivate logging of guest users’ consent, and decide whether to clean consents and action logs automatically. If the auto-cleaning feature is activated, you should set a period in days after which the logged records should be removed.

In the following tab, you can allow customers to download and anonymize their personal data, delete their accounts, and opt out from consents that they have submitted before. 

The Personal Data Deletion and Anonymization tab is divided into 2 sections: Automatic Personal Data Deletion and Prevent Data Deletion of Recent Orders. In the first one, you can activate the auto-delete of personal data of customers who didn’t make any orders during a specified period.

Another section here lets you disable deleting customers’ data in order-related documents during a specified time interval. Besides, you can define order statuses that will not allow customers to anonymize or delete their personal info.

In Email Notifications, first, select an email sender and email template for notifications sent to customers after they anonymize their data. You can also specify an email address different from the sender’s one for customers’ replies.

Then, you can enable notifications sent to admins when a customer sends a deletion request, choose an email sender and template, and specify addresses of email recipients.

In the same tab, you specify email senders, email addresses for sending replies, and email templates for notifications sent to customers on the approval and denial of their requests. 

Now, let’s see how the GDPR extension communicates with the frontend users of your web store.

Frontend

As we have already described, you can add multiple checkboxes to let customers give consent to the privacy policy on the registration, checkout, contact us, and newsletter subscription pages. Below, you can see how the checkboxes look on the registration page:

If a customer doesn’t want to fill in the registration form, they can also accept the privacy policy on the checkout page:

By clicking the “privacy policy” link next to the checkbox, a user will open the policy document in a new window.

After installing the GDPR module, the customer account area gets a new section – Privacy Settings. Here, users can download their personal details in a CSV file, anonymize their data, send requests to delete their accounts, and opt in or opt out from previously submitted consent.

Anonymization of personal data changes how it looks in the account information by substituting customer’s contact and address details with the random sequence of symbols.

Recent Updates

Magento 2 GDPR 2.3.7

• Compatibility with Amasty Jet Theme was introduced.
• Now it is possible to collect and log policy consents given by guest visitors.

Magento 2 GDPR 2.2.0

• The extension has been covered with MFTF tests for improved quality and stability.

Magento 2 GDPR 2.1.1

• New functionality that allows customers to opt in and opt out from previously given consents was added to the Privacy Settings tab in the customer account area.
• Now the extension is fully compatible with Amasty Social Login.

Magento 2 GDPR 2.0.2

• The ability to create multiple consent checkboxes and place them separately on various website pages was introduced.
• A new option was added to the admin area: the ability to download customer’s personal data in the CSV format.
• The auto-delete feature of accounts of customers who didn’t make orders for a specified period of time was added.
• Now it is possible to show or hide dedicated checkboxes after a website visitor gave consent.
• Automatic log cleaning of the customers’ action records related to the privacy policy and GDPR was introduced.
• Now the number of new delete requests is displayed in the sidebar menu in the Magento Admin. 
• Now it is possible to process delete requests via API.
• “Customers with consent” and “Customers without consent” grids were removed.

Magento 2 GDPR 1.6.6

• Improvements in the Geo IP Data module: unit tests were added, and the code was refactored.

Magento 2 GDPR 1.5.6

• A dedicated cookie settings page was added to the frontend.
• The setting allowing to enable/disable the extension was added.

Magento 2 GDPR 1.4.8

• A new feature was added: the ability to create a link to the privacy policy document via the Amasty Privacy Policy widget.
• Cookies functionality was improved with Ajax, which leads to no page reloads after performing actions with cookies on the frontend.
• The cookie consents grid was added to the Magento Admin.

Magento 2 GDPR 1.3.0

• Now it is possible to revoke the cookie consent.
• Now, store admins can restrict access to the website before a customer gives cookie consent.
• Settings for sending admin notifications on the delete requests submitted by customers were added.
• The “Customers with consent” grid was extended with new columns. 
• “Draft” state was added to the privacy policy configuration.

Magento 2 GDPR 1.2.2

• The possibility to edit the list of EU countries in the admin panel was implemented.
• New option: the cookie policy bar can be placed at the top of the screen.
• The possibility to switch on/off anonymization, removal, and download actions of personal data for customers was added.
• Now it is possible to place Privacy Policy confirmation checkboxes on the “Contact Us” and “Newsletter Subscription” forms.
• New feature: personal data of an order made by a guest can be anonymized now.

Magento 2 GDPR 1.1.7

• Now it is possible to adjust the style of the cookie policy bar.
• The cookie policy bar can be managed in the backend now.
• New option: possibility to disallow optional cookies.

Final Words

The Amasty’s new module for GDPR compliance brings merchants a comprehensive toolset to follow the latest EU legislation requirements. With the module’s features, you will be able to collect, process, and store customers’ personal data most properly and effectively. The price of the Magento 2 extension is $249, with free lifetime updates and 90 days of support included.

Download / Buy Amasty GDPR Magento 2 Extension