Today, we will talk about Magento 2 possibilities related to the protection of customers’ data within the territory of Brazil. Brazilian General Data Protection Law, or LGPD, became effective on August 15, 2020. The law implies the legal basis and standardization of rules and practices for processing sensitive data of online shoppers from Brazil. According to
The main goal of the Brazilian General Data Protection Law is to protect the rights of customers from Brasil regarding their personal data. The law covers the following rights:
- the right to get access to personal data;
- the right for rectification;
- the right to erase the data;
- the right to restrict processing of personal details;
- the right for data portability;
- the right to object.
The Amasty Magento 2 LGPD extension provides merchants with the settings that enable them to make their stores fully compliant with the latest LGPD requirements and inform website visitors about how their data is used and processed.
Table of contents
- Management of cookies and cookie groups;
- Customizable design of the cookie bar;
- Dedicated CMS page for managing cookie settings on the frontend;
- Built-in GeoIP support;
- Display of consent checkboxes based on the user geolocation;
- Ability to manage privacy settings in the customer account area;
- Auto-removal of abandoned customer accounts;
- Management of account removal requests in the backend.
Also, note that the Magento 2 LGPD Brasil module lets customers view and manage their cookie settings on a separate CMS page. The Cookie Settings page provides detailed information on each type of cookies collected on your store and lists all cookies wth their description and duration in every group. This way, you will comply with the LGPD law’s requirement on providing online customers with the right to revoke their consents at any time. All cookie usage consents given by customers are gathered in a dedicated log.
Moreover, LGPD regulations require online store owners to provide customers with the ability to get access to their personal information, as well as modify and erase it. With the Amasty LGPD Magento 2 extension, customers registered on your store get a chance to manage their data in the extended account area. The module adds new options to the customer accounts, letting them download a CSV file that keeps the copy of their personal details, anonymize data, and send a request for removing their account.
As for the admin possibilities provided by the Magento 2 LGPD compliance module, they help store managers to comply with the law’s requirement to keep records of customers’ data processing. All submitted consents are logged in a separate grid that allows users to view them from one place and delete selected records in bulk. Another log in the extension’s backend collects data on the activities related to personal data management, performed by customers from their accounts.
One more vital feature of the Amasty LGPD Magento 2 extension is the automatic removal of inactive customer accounts. The module automatically deletes outdated information after the time specified in the backend. At the same time, the tool lets you set a period for keeping data in the recent order-related documents, which will help you avoid possible issues with tax control or other institutions.
First, let’s see which possibilities the Amasty Magento 2 LGPD compliance module offers in regards to the cookies management.
All cookies are gathered on a separate grid under Customers -> Cookie Consent -> Cookies. The Cookies grid shows the following details: each cookie’s unique ID, name, a group where it is assigned, description, and lifetime. The grid supports the filtering and sorting of the columns and allows deleting selected cookies using appropriate mass action. You can edit the cookies information via the Action column, as well as create a new cookie by clicking the “Add New Cookie” button.
When creating a new cookie, you should specify its name and description, set a lifetime, and select one of the available groups to assign the cookie.
As for the cookie categories, they are managed on another grid under Customers -> Cookie Consent -> Cookie Groups. The Cookie Groups grid consists of the following columns:
- Cookie Group Name;
- Is Essential;
- Is Enabled;
Here, you can also apply filtering and sorting to the grid columns, modify details of a particular cookie group using the “Edit” action, as well as delete groups in bulk using mass actions. If you want to create a new cookie category, press the “Add New Group” button.
When adding a new group, you can enable/disable it and mark it as essential if required. Then, you should enter a new cookie group’s name, add a description (here, you can provide details on the usage of the cookies in this group), and select specific cookies to include in the group.
- Date Created;
- Version Number;
- Last Edited;
- Last Edited By;
- Status (Disabled, Enabled);
- Action (Edit).
As we’ve already mentioned, the Amasty Magento 2 LGPD compliance module allows adding multiple checkboxes to various forms and pages. Consent checkboxes are displayed on a separate grid that displays an ID, name, code, and status of each checkbox. The grid also shows whether a user’s consent is required or not, a checkbox gets hidden after a user gives consent, and the consent is logged. Here, you can also view a checkbox’s location and position on the frontend. You can edit particular checkboxes using the Action column, as well as delete selected checkboxes in bulk.
Requests for account removal sent by customers are displayed on the Delete Requests grid. Here, you can view the date and time when a request was submitted, customer name and email, initiator of the request (customer or automatic procedure), and the number of completed and pending orders. The mass actions menu allows admins to approve or deny selected requests in bulk.
Now, let’s explore the configuration page of the Brasil LGPD Magento 2 module, which is located under Stores -> Settings -> Configuration -> Amasty Extensions -> Personal Data Protection. All settings are divided into 3 sections: Cookie Consent, Geo Ip Data, and Personal Data Protection.
The Cookie Consent section includes 2 tabs: General Settings and Cookie Bar Customization.
In the following tab, you can customize the look of the cookie bar. First, select its style – Classic or Pop Up with Toggles. In case of applying the Pop Up with Toggles style, you will need to choose colors for the bar’s background; text of the policy and cookie group title and description; buttons in the bar and text on them; and links.
In Geo Ip Data, you can download the Geo IP database automatically or import files from your own source.
As for the Personal Data Protection section, it consists of four tabs: General, Customer’s Account Privacy Settings, Personal Data Deletion and Anonymization, and Email Notifications. In the General tab, enable the module’s functionality to start collecting privacy consents from your store visitors. Here, you also decide whether to log consents given by guest users. Besides, you can allow auto-cleaning of the consent and action logs and set the period for keeping records in the log.
The following tab lets you manage options in the customers’ accounts. You can decide whether to allow or disallow customers to download and anonymize their personal data, delete accounts, and opt in or opt out from the previously given consent.
The Personal Data Deletion and Anonymization tab is divided into 2 blocks with settings: Automatic Personal Data Deletion and Prevent Data Deletion of Recent Orders. In the first one, you can enable the function that will automatically generate the delete requests for accounts of customers who didn’t make any order during a specified period.
Another block allows you to keep personal customers’ data in recent order-related documents during a specified number of days. Here, you can also define order statuses that will not allow customers to anonymize or delete their personal info.
The Email Notifications tab lets you configure anonymization and deletion notifications separately. You need to select an email sender and email template for each type of alert and specify email addresses for customers’ replies.
Now, when you understand the Amasty LGPD Magento 2 module’s configuration from within, let’s see how it acts on the frontend.
When a user clicks the “More Information” link in the pop-up window, they will be redirected to the Cookie Settings page. Here, customers can read more detailed information on each cookie group, see lists of collected cookies in each group, as well as decide which cookie categories they will allow for processing.
The same page is accessible via the Cookie Settings link in the footer.
As for the content checkboxes, as described before, they can be placed on the registration, checkout, contact us, and newsletter subscription pages. Below, you can see how they appear on the new customer account creation form:
Furthermore, the Amasty LGPD Magento 2 extension adds a new tab – Privacy Settings – to the customer account area. Here, customers can download a copy of their data collected on your website in the CSV format, anonymize data, send a request for account removal, and opt in/opt out from their consents.
Magento 2 LGPD 2.3.7
- Compatibility with Amasty Jet Theme was introduced.
- Now it is possible to collect and log policy consents given by guest visitors.
Magento 2 LGPD 2.2.0
- The extension has been covered with MFTF tests for improved quality and stability.
Magento 2 LGPD 2.1.1
- New functionality that allows customers to opt in and opt out from previously given consents was added to the Privacy Settings tab in the customer account area.
- Now the extension is fully compatible with Amasty Social Login.
Magento 2 LGPD 2.0.2
- The ability to create multiple consent checkboxes and place them separately on various website pages was introduced.
- A new option was added to the admin area: the ability to download customer’s personal data in the CSV format.
- The auto-delete feature of accounts of customers who didn’t make orders for the specified time was added.
- Now it is possible to show or hide dedicated checkboxes after a website visitor gave consent.
- Now the number of new delete requests is displayed in the sidebar menu in the Magento Admin.
- Now it is possible to process delete requests via API.
- “Customers with consent” and “Customers without consent” grids were removed.
Magento 2 LGPD 1.6.6
- Improvements in the Geo IP Data module: unit tests were added, and the code was refactored.
Magento 2 LGPD 1.5.6
- A dedicated cookie settings page was added to the frontend.
- The setting allowing to enable/disable the extension was added.
Magento 2 LGPD 1.4.8
- Cookies functionality was improved with Ajax, which leads to no page reloads after performing actions with cookies on the frontend.
- The cookie consents grid was added to the Magento Admin.
Magento 2 LGPD 1.3.0
- Now it is possible to revoke the cookie consent.
- Now, store admins can restrict access to the website before a customer gives cookie consent.
- Settings for sending admin notifications on the delete requests submitted by customers were added.
- The “Customers with consent” grid was extended with new columns.
Magento 2 LGPD 1.2.2
- The possibility to edit the list of EU countries in the admin panel was implemented.
- The possibility to switch on/off anonymization, removal, and download actions of personal data for customers was added.
- New feature: personal data of an order made by a guest can be anonymized now.
Magento 2 LGPD 1.1.7
- New option: possibility to disallow optional cookies.