Magento 2 GDPR Developer FAQ

In this article, you will find answers to all frequently asked questions for developers on Magento 2 GDPR extension.

What Personal Data is Deleted by GDPR Extension

When customers submit Data Deletion Requests, the following data can be processed, depending on customer actions on site:

Registered CustomersGuests
Addressdelete
Price and Stock Alerts Subscriptiondelete
Store Credit Balance (Magento Commerce)delete
Product Comparedelete
Customer Accountdelete
Newsletter Subscriberdeletedelete
Invitation (Magento Commerce)delete
Gift Registry (Magento Commerce)delete
OrdersAnonymize:
customer_email
customer_firstname
customer_lastname
customer_dob
customer_middlename
customer_prefix
customer_suffix
customer_taxvat
remote_ip
customer_gender
customer_is_guest
customer_id
customer_group_id
Anonymize:
customer_email
customer_firstname
customer_lastname
customer_dob
customer_middlename
customer_prefix
customer_suffix
customer_taxvat
remote_ip
customer_gender
customer_is_guest
customer_id
customer_group_id
Quote (Products in Cart)deletedelete
Reviewsdelete
Reward Points (Magento Commerce)delete
Rma (Magento Commerce)Anonymize:
customer_name
Wishlistdelete
Archive Grids (Magento Commerce)Anonymize:
shipping_name
billing_name
billing_address
shipping_address
customer_email
customer_name

What Data and Magento Tables are Affected by GDPR Extension

During download, deletion or anonymization process, the following database tables are affected:

Magento 2.x Community Edition (CE)Magento 2.x Enterprise Edition (EE)
customer_entity
customer_entity_*
customer_grid_flat
customer_address_entity
customer_address_entity_*
email_contact
email_review
email_automation
email_campaign
sales_order
sales_order_item
sales_order_address
sales_order_payment
sales_order_grid
sales_shipment_grid
sales_invoice_grid
sales_creditmemo_grid
mage_quote
mage_quote_address
product_alert_price
product_stock_alert
wishlist
review_detail
catalog_compare_item
newsletter_subscriber
plumrocket_gdpr_consents_log
plumrocket_gdpr_export_log
plumrocket_gdpr_removal_requests
customer_entity
customer_entity_*
customer_grid_flat
customer_address_entity
customer_address_entity_*
email_contact
email_review
email_automation
email_campaign
sales_order
sales_order_item
sales_order_address
sales_order_payment
sales_order_grid
sales_shipment_grid
sales_invoice_grid
sales_creditmemo_grid
mage_quote
mage_quote_address
product_alert_price
product_stock_alert
wishlist
review_detail
catalog_compare_item
newsletter_subscriber
magento_customerbalance
magento_reward
magento_rma
magento_rma_grid
magento_invitation
plumrocket_gdpr_consents_log
plumrocket_gdpr_export_log
plumrocket_gdpr_removal_requests
magento_giftregistry_entity
magento_giftregistry_person
magento_sales_order_grid_archive
magento_sales_creditmemo_grid_archive
magento_sales_invoice_grid_archive
magento_sales_shipment_grid_archive

See Magento DevDocs for more information about the Magento 2.x GDPR compliance and data storage.

Can I Anonymize All Data Instead of Deleting It

Yes, you can. Follow these steps:

a) Describe all data that should be anonymized in file di.xml

<type name="PlumrocketGDPRModelAccountProcessorsCustomerData">
    <arguments>
        <argument name="dataExport" xsi:type="array">
            ……. Data export Fields
        </argument>
        <argument name="dataAnonymize" xsi:type="array">
            <item name="prefix" xsi:type="null"/>
            <item name="firstname" xsi:type="string">anonymousString</item>
            …. And other fields
        </argument>
    </arguments>
</type>

b) Edit model Plumrocket\GDPR\Model\Account\Processors\CustomerData and replace the contents of function delete() with the following code:

public function delete(CustomerInterface $customer)
{
     $this->anonymize($customer);
}

Edit function anonymize() and add the following code:

public function anonymize(CustomerInterface $customer)
{
     $customerId = $customer->getId();
     $customer = $this->customer->load($customerId);
     $dataAnonymized = $this->customerData->getDataAnonymized(
         $this->dataAnonymize, $customerId);
     if (!empty($dataAnonymized) && $customer) {
         $customer->setDataToAll($dataAnonymized)->save();
     }
}

I Have Implemented the GDPR Support in My Third-Party Extension, Can I Share It With You

Yes, absolutely. We can add the built-in support of the third-party extension to our GDPR module after we review your code. Please contact our tech support and submit your request.

Was this article helpful?