Today, we are describing a new solution developed by Mirasvit that helps e-commerce merchants comply with the GDPR and CCPA (California Consumer Privacy Act) regulations. With the tools offered by the Mirasvit GDPR extension, you can be sure that your business operates in line with the GDPR requirements. By installing the Magento 2 module, you will also be able to collect and process customers’ personal data as required by EU legislation. Below, we highlight the main features of the GDPR Magento 2 extension and explore its functionality from the admin and customer perspective.
- Customers’ right to download and remove their personal data;
- Option to anonymize user details;
- Dedicated grids for customers’ consents and requests management;
- Additional functions in the customer account area related to data access and removal.
Furthermore, the Magento 2 GDPR module enables customers to request a copy of their data stored on a web store. Registered customers can also ask to anonymize their personal details, which turns a user’s first and last names, email address, phone number, date of birth, and address information into anonymized text. It is also possible to permanently delete customers’ accounts created on your store, along with all related data.
All requests can be accessed from one place in the Magento backend. The module classifies requests by type and allows an admin to track their statuses on the grid. After a customer submits a request to copy, anonymize, or erase their data, a store admin decides whether to approve or decline it.
As for the user experience on the frontend, your clients get extended functionality in their account area, allowing them to download their personal details and submit requests to anonymize stored info or completely erase their accounts.
All consents given by customers for the usage of their data are gathered on a grid under Customers -> GDPR -> Customers’ Consents. The grid shows the following details:
- an ID assigned to each consent;
- date and time when consent was provided;
- IP address;
- a customer’s name;
- consent type: Cookies, Registration Form, Contact Us Form, Subscription Form, or Checkout Form;
- status (Allowed).
As for the delete, anonymization, and data provision requests, you can track them on a separate grid under Customers -> GDPR -> Customers’ Requests. The grid includes the following columns:
- Request type: Provide User Data, Anonymize User Data, or Remove User Data;
- Status: Pending, Rejected, or Completed;
While a request is pending, an admin can approve or deny it. The appropriate options are displayed in the Actions drop-down menu. Note that these actions are irreversible.
If a user’s data is not removed, you can navigate to the customer information page by clicking on a customer’s name in the corresponding column of the requests grid. If a customer’s request for anonymizing personal details was approved, data such as billing and shipping addresses, name, and tax/VAT number will not be visible to the admin.
Now, let’s have a look at the general settings of the Mirasvit Magento 2 GDPR extension. The configuration page is divided into 6 tabs: General Settings; Cookie Consent Bar; Form’ Consent Checkbox; Download Personal Data; Anonymize Personal Data; and Remove Personal Data and Account. In the first tab, you enable/disable the module’s functionality.
In the following tabs of the Magento 2 GDPR extension’s configuration, you decide whether to allow customers to submit requests for downloading and anonymizing their personal data, as well as deleting their details and account.
Next, we want to show you which functionality the GDPR Magento 2 module by Mirasvit adds on the frontend.
Below, you can see how the cookie consent bar appears on the frontend.
The Mirasvit GDPR extension adds new functions in the Account Information tab of the customers’ profiles. Users get the ability to download their info, submit requests for anonymizing their personal details, and request to remove their accounts with all stored data. Note that customers can’t send requests for data anonymization if they have pending orders.