Amasty LGPD Magento 2 Extension

- E-Commerce, Magento 2

Amasty LGPD Brasil Magento 2 extension

Today, we will talk about Magento 2 possibilities related to the protection of customers’ data within the territory of Brazil. Brazilian General Data Protection Law, or LGPD, became effective on August 15, 2020. The law implies the legal basis and standardization of rules and practices for processing sensitive data of online shoppers from Brazil. According to statistics, more than 140 million Internet users are located in Brazil. It means that any ecommerce store interacts with online shoppers from this part of the world in this or that way. 

To ensure compliance with the LGPD requirements and run your business in line with the privacy law, we recommend you to install the Amasty LGPD extension for Magento 2. The module provides all necessary tools for adjusting your privacy policy documentation according to the LGPD legislation and collecting and processing your storefront users’ data transparently and securely. Below, we describe all the features of the Brasil LGPD Magento 2 module, as well as its functionality on both backend and frontend.

Download / Buy Amasty LGPD Magento 2 Extension

The main goal of the Brazilian General Data Protection Law is to protect the rights of customers from Brasil regarding their personal data. The law covers the following rights:

  • the right to get access to personal data;
  • the right for rectification;
  • the right to erase the data;
  • the right to restrict processing of personal details;
  • the right for data portability;
  • the right to object.

The Amasty Magento 2 LGPD extension provides merchants with the settings that enable them to make their stores fully compliant with the latest LGPD requirements and inform website visitors about how their data is used and processed.

Features

  • Functionality for collecting privacy policy and cookie consents;
  • Management of cookies and cookie groups;
  • Two types of cookie policy bar;
  • Customizable design of the cookie bar;
  • Dedicated CMS page for managing cookie settings on the frontend;
  • Ability to place multiple privacy policy consent checkboxes on various pages;
  • Built-in GeoIP support;
  • Display of consent checkboxes based on the user geolocation;
  • Flexible management of privacy policy documents;
  • Ability to manage privacy settings in the customer account area;
  • Logging of the privacy policy and cookie consents;
  • Auto-removal of abandoned customer accounts;
  • Management of account removal requests in the backend.

One of the main LGPD requirements is related to compliance with the cookie policy. It means that an online store should clearly inform customers about the means and purpose of gathering their personal data and receive user consent to each of the collected cookies. The Amasty LGPD extension for Magento 2 includes all features of Amasty Cookie Consent, letting store admins manage all existing cookies from one place in the backend and separate them between various cookie groups.

One of the options available with the Amasty module is placing a pop-up window on your store pages for collecting consents to cookies. The cookie policy bar shows a description for each category of collected cookies. Besides, it includes toggles that let customers decide to which cookies they want to give their consent instantly. The cookie notice bar is highly customizable, so you can fine-tune its design to fit better into your storefront.

Also, note that the Magento 2 LGPD Brasil module lets customers view and manage their cookie settings on a separate CMS page. The Cookie Settings page provides detailed information on each type of cookies collected on your store and lists all cookies wth their description and duration in every group. This way, you will comply with the LGPD law’s requirement on providing online customers with the right to revoke their consents at any time. All cookie usage consents given by customers are gathered in a dedicated log.

Another essential feature of the Amasty cookie policy consent Magento 2 module is the ability to place checkboxes for collecting customer consents on various pages throughout a website. You can place checkboxes for each policy existing on your store on the registration, checkout, and Contact Us pages, as well as newsletter subscription form. Besides, you can customize the text shown next to a checkbox and insert a privacy policy link in the text. As a store manager, you also decide to users from which countries, e.g., only Brasil, a consent checkbox will be displayed and whether it is required to agree to the policy to use the website.

As for privacy policy management, the Amasty LGPD extension allows backend users to create several documents adapted to a particular region and local legislation and manage them on a separate grid in the Magento admin. This way, you will also be able to track modifications that need to be implemented in your policies in line with the changes in the LGPD regulations and quickly update relevant documents.

To make your webstore visitors acquainted with your privacy policy, you can show the text of the relevant document in a pop-up window. Also, you can place a link leading to the privacy policy description on any CMS page or in a custom block using the “Amasty Privacy Policy” widget. This way, you will add motivation for customers to accept your policy and proceed with browsing your store without further distractions. Also, you will help customers to quickly find information about processing their consents and ensure the implementation of the customer right to be timely informed about a store’s policy.

Moreover, LGPD regulations require online store owners to provide customers with the ability to get access to their personal information, as well as modify and erase it. With the Amasty LGPD Magento 2 extension, customers registered on your store get a chance to manage their data in the extended account area. The module adds new options to the customer accounts, letting them download a CSV file that keeps the copy of their personal details, anonymize data, and send a request for removing their account.

All delete requests submitted from the frontend can be viewed and managed by store admins on a dedicated grid in the backend, where they can approve or deny them in one click. Besides, the Magento 2 LGPD Brasil extension fulfills customers’ right to revoke their privacy policy consents, meaning that they can opt in or opt out from previously given consents at any time.

As for the admin possibilities provided by the Magento 2 LGPD compliance module, they help store managers to comply with the law’s requirement to keep records of customers’ data processing. All submitted consents are logged in a separate grid that allows users to view them from one place and delete selected records in bulk. Another log in the extension’s backend collects data on the activities related to personal data management, performed by customers from their accounts.

One more vital feature of the Amasty LGPD Magento 2 extension is the automatic removal of inactive customer accounts. The module automatically deletes outdated information after the time specified in the backend. At the same time, the tool lets you set a period for keeping data in the recent order-related documents, which will help you avoid possible issues with tax control or other institutions.

Backend

Cookies Management

First, let’s see which possibilities the Amasty Magento 2 LGPD compliance module offers in regards to the cookies management.

All cookies are gathered on a separate grid under Customers -> Cookie Consent -> Cookies. The Cookies grid shows the following details: each cookie’s unique ID, name, a group where it is assigned, description, and lifetime. The grid supports the filtering and sorting of the columns and allows deleting selected cookies using appropriate mass action. You can edit the cookies information via the Action column, as well as create a new cookie by clicking the “Add New Cookie” button.

When creating a new cookie, you should specify its name and description, set a lifetime, and select one of the available groups to assign the cookie.

As for the cookie categories, they are managed on another grid under Customers -> Cookie Consent -> Cookie Groups. The Cookie Groups grid consists of the following columns:

  • Checkbox;
  • ID;
  • Cookie Group Name;
  • Description;
  • Is Essential;
  • Is Enabled;
  • Action.

Here, you can also apply filtering and sorting to the grid columns, modify details of a particular cookie group using the “Edit” action, as well as delete groups in bulk using mass actions. If you want to create a new cookie category, press the “Add New Group” button.

When adding a new group, you can enable/disable it and mark it as essential if required. Then, you should enter a new cookie group’s name, add a description (here, you can provide details on the usage of the cookies in this group), and select specific cookies to include in the group.

Amasty LGPD Magento 2 extension cookies

Cookie consents collected from the store visitors are also gathered on a separate grid that you will find under Customers → Cookie Consent → Cookie Consents Log. The grid gathers the data on customers who accepted the cookie policy: a customer’s ID, name, and email. Besides, the grid shows IP addresses and websites where the consent was given. Here, you can also check the date and time of the approval of cookies, as well as consent status.

Magento 2 Cookie Consent module backend

LGPD management

Now, let’s navigate to the page where you can view and manage privacy policy documents. The corresponding grid includes the following columns:

  • ID;
  • Date Created;
  • Version Number;
  • Last Edited;
  • Last Edited By;
  • Comment;
  • Status (Disabled, Enabled);
  • Action (Edit).

You can apply filters to quickly find a required document and sort the grid columns. It is also possible to modify a particular privacy policy via the Edit link in the Action column, as well as delete selected documents using mass actions.

Amasty LGPD Magento 2 extension backend

Upon clicking the “Add New Policy” button, you will be forwarded to the New Privacy Policy screen. When editing an existing privacy policy or creating a new document, you should specify its title in the Comment field, enter the policy version, set its status to enabled/disabled, and type in the policy content using the WYSIWYG editor.

Amasty LGPD Magento 2 extension backend

As we’ve already mentioned, the Amasty Magento 2 LGPD compliance module allows adding multiple checkboxes to various forms and pages. Consent checkboxes are displayed on a separate grid that displays an ID, name, code, and status of each checkbox. The grid also shows whether a user’s consent is required or not, a checkbox gets hidden after a user gives consent, and the consent is logged. Here, you can also view a checkbox’s location and position on the frontend. You can edit particular checkboxes using the Action column, as well as delete selected checkboxes in bulk.    

Amasty LGPD Magento 2 extension backend

When adding a new checkbox, first, create its name (for admin purposes) and code and set its status as enabled to add it to your storefront. Then, decide whether the checkbox will be marked as required for giving consent and whether a user’s consent should be saved in the Consent Log grid. Next, you can activate the feature that will hide the checkbox after a customer gives consent. Here, you also set the position of the checkbox on the form and select pages of your website where it will be placed. Besides, you should specify a text that will be displayed next to the checkbox and choose a consent link type (GDPR Privacy policy or CMS Page). It is also possible to restrict the visibility of the configured checkbox based on a customer’s country.

Amasty LGPD Magento 2 extension backend

Consents, given by both registered customers and guest visitors, are gathered in Consent Log. The grid shows the following details: a customer’s ID, name, IP address, and email, the date of giving consent or declining the privacy policy, checkbox location and code, the version of the policy document, website, and action (Accept or Decline). It is possible to remove selected consents from the log using appropriate mass action.

Amasty LGPD Magento 2 extension backend

Another log in the backend of the Aamsty LGPD Magento 2 extension gathers data on all actions performed by customers in regards to the privacy policy consents and LGPD-related requests.

Requests for account removal sent by customers are displayed on the Delete Requests grid. Here, you can view the date and time when a request was submitted, customer name and email, initiator of the request (customer or automatic procedure), and the number of completed and pending orders. The mass actions menu allows admins to approve or deny selected requests in bulk.

Download / Buy Amasty LGPD Magento 2 Extension

Configuration

Now, let’s explore the configuration page of the Brasil LGPD Magento 2 module, which is located under Stores -> Settings -> Configuration -> Amasty Extensions -> Personal Data Protection. All settings are divided into 3 sections: Cookie Consent, Geo Ip Data, and Personal Data Protection.

The Cookie Consent section includes 2 tabs: General Settings and Cookie Bar Customization.

Amasty LGPD Magento 2 extension cookie consent

In General Settings, you can enable the cookie policy bar. Here, you can also activate the Cookie Wall feature, which will not allow frontend users to interact with your website if they don’t accept cookies. If this setting is enabled, you can specify URLs of the pages that will be accessible for customers who didn’t accept the cookie policy. Note that according to the GDPR requirements, usage of the cookie wall is not allowed. Next, you can type in a text that will be displayed in the cookie bar and define a CMS page where cookie settings and information will be available for your website visitors. In this tab, you can also decide to users from which countries the cookie policy bar will be displayed and set a period for the auto-cleaning of the cookies log.

Amasty LGPD Magento 2 extension cookie consent

In the following tab, you can customize the look of the cookie bar. First, select its style – Classic or Pop Up with Toggles. In case of applying the Pop Up with Toggles style, you will need to choose colors for the bar’s background; text of the policy and cookie group title and description; buttons in the bar and text on them; and links.

Amasty LGPD Magento 2 extension cookie consent

In Geo Ip Data, you can download the Geo IP database automatically or import files from your own source.

Amasty LGPD Magento 2 extension Geo IP data

As for the Personal Data Protection section, it consists of four tabs: General, Customer’s Account Privacy Settings, Personal Data Deletion and Anonymization, and Email Notifications. In the General tab, enable the module’s functionality to start collecting privacy consents from your store visitors. Here, you also decide whether to log consents given by guest users. Besides, you can allow auto-cleaning of the consent and action logs and set the period for keeping records in the log.

Amasty LGPD Magento 2 extension configuration

The following tab lets you manage options in the customers’ accounts. You can decide whether to allow or disallow customers to download and anonymize their personal data, delete accounts, and opt in or opt out from the previously given consent. 

Amasty LGPD Magento 2 extension configuration

The Personal Data Deletion and Anonymization tab is divided into 2 blocks with settings: Automatic Personal Data Deletion and Prevent Data Deletion of Recent Orders. In the first one, you can enable the function that will automatically generate the delete requests for accounts of customers who didn’t make any order during a specified period.

Amasty LGPD Magento 2 extension configuration

Another block allows you to keep personal customers’ data in recent order-related documents during a specified number of days. Here, you can also define order statuses that will not allow customers to anonymize or delete their personal info.

Amasty LGPD Magento 2 extension configuration

The Email Notifications tab lets you configure anonymization and deletion notifications separately. You need to select an email sender and email template for each type of alert and specify email addresses for customers’ replies.

Amasty LGPD Magento 2 extension configuration

Now, when you understand the Amasty LGPD Magento 2 module’s configuration from within, let’s see how it acts on the frontend.

Frontend

As mentioned above, the Amasty Magento 2 LGPD Brasil module provides an option to display the cookie policy bar as a pop-up with toggles. Store visitors can instantly accept particular cookies by moving a toggle in the active position or allow all cookies with one button click. 

Amasty LGPD Magento 2 extension frontend

When a user clicks the “More Information” link in the pop-up window, they will be redirected to the Cookie Settings page. Here, customers can read more detailed information on each cookie group, see lists of collected cookies in each group, as well as decide which cookie categories they will allow for processing.

Amasty LGPD Magento 2 extension frontend

The same page is accessible via the Cookie Settings link in the footer. 

Amasty LGPD Magento 2 extension frontend

As for the content checkboxes, as described before, they can be placed on the registration, checkout, contact us, and newsletter subscription pages. Below, you can see how they appear on the new customer account creation form:

Furthermore, the Amasty LGPD Magento 2 extension adds a new tab – Privacy Settings – to the customer account area. Here, customers can download a copy of their data collected on your website in the CSV format, anonymize data, send a request for account removal, and opt in/opt out from their consents.

Amasty LGPD Magento 2 extension frontend

Recent Updates

Magento 2 LGPD 2.3.7

  • Compatibility with Amasty Jet Theme was introduced.
  • Now it is possible to collect and log policy consents given by guest visitors.

Magento 2 LGPD 2.2.0

  • The extension has been covered with MFTF tests for improved quality and stability.

Magento 2 LGPD 2.1.1

  • New functionality that allows customers to opt in and opt out from previously given consents was added to the Privacy Settings tab in the customer account area.
  • Now the extension is fully compatible with Amasty Social Login.

Magento 2 LGPD 2.0.2

  • The ability to create multiple consent checkboxes and place them separately on various website pages was introduced.
  • A new option was added to the admin area: the ability to download customer’s personal data in the CSV format.
  • The auto-delete feature of accounts of customers who didn’t make orders for the specified time was added.
  • Now it is possible to show or hide dedicated checkboxes after a website visitor gave consent.
  • Automatic log cleaning of the customers’ action records related to the privacy policy and GDPR was introduced.
  • Now the number of new delete requests is displayed in the sidebar menu in the Magento Admin. 
  • Now it is possible to process delete requests via API.
  • “Customers with consent” and “Customers without consent” grids were removed.

Magento 2 LGPD 1.6.6

  • Improvements in the Geo IP Data module: unit tests were added, and the code was refactored.

Magento 2 LGPD 1.5.6

  • A dedicated cookie settings page was added to the frontend.
  • The setting allowing to enable/disable the extension was added.

Magento 2 LGPD 1.4.8

  • A new feature was added: the ability to create a link to the privacy policy document via the Amasty Privacy Policy widget.
  • Cookies functionality was improved with Ajax, which leads to no page reloads after performing actions with cookies on the frontend.
  • The cookie consents grid was added to the Magento Admin.

Magento 2 LGPD 1.3.0

  • Now it is possible to revoke the cookie consent.
  • Now, store admins can restrict access to the website before a customer gives cookie consent.
  • Settings for sending admin notifications on the delete requests submitted by customers were added.
  • The “Customers with consent” grid was extended with new columns. 
  • “Draft” state was added to the privacy policy configuration.

Magento 2 LGPD 1.2.2

  • The possibility to edit the list of EU countries in the admin panel was implemented.
  • New option: the cookie policy bar can be placed at the top of the screen.
  • The possibility to switch on/off anonymization, removal, and download actions of personal data for customers was added.
  • Now it is possible to place Privacy Policy confirmation checkboxes on the “Contact Us” and “Newsletter Subscription” forms.
  • New feature: personal data of an order made by a guest can be anonymized now.

Magento 2 LGPD 1.1.7

  • Now it is possible to adjust the style of the cookie policy bar.
  • The cookie policy bar can be managed in the backend now.
  • New option: possibility to disallow optional cookies.

Final Words

The Amasty LGPD extension is a comprehensive solution for adjusting privacy policy and other settings related to the management of customers’ personal details on a Magento 2 store in line with the LGPD legislation. After installing the module, you will get an advanced toolset for configuring all required settings for collecting customer consents to process sensitive data without violating users’ rights. This way, you will be able to adjust your privacy policy documents and implement other customer privacy-related features on your store to comply with the Brasil LGPD requirements fully. As for the price, you can buy the Amasty LGPD M2 module for $249.

Download / Buy Amasty LGPD Magento 2 Extension