The General Data Protection Regulation (GDPR) comes into effect on May 25, 2018.
Magento GDPR & CCPA Extension
The Magento GDPR extension is aimed at making your website ready for the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). It helps to protect the rights of both the merchants (data controllers) and Magento site visitors.
Ensures compliance with GDPR & CCPA rules: the right to be informed, to erasure, to restrict processing, to object, to access personal
data.
Visitors can use the Privacy Center dashboard to download or erase personal data, view Privacy Policy, Cookie Policy and contact Data Protection Officer.
Merchants can enable cookie consent notice, view download and erasure requests, manage customer consents and setup notifications.
| Product Details | |
| Version: | 1.6.1 (Sep 17, 2020) |
| Documentation: | User Guide |
| Live Demo: | View |
| Code Visibility: | 100% Open Code |
| Supported CE - EE: |
CE 1.6.x - 1.9.x EE 1.12.x - 1.14.x |
| License: | Single Magento Installation |
| Free Updates & Support: |
1 year (Details)
No subscriptions |
| Refund Policy: | 60 Days (View) |
Key Features of Magento GDPR & CCPA Extension
This Magento plugin helps companies that do business in the European Union or offer goods or services directly to individuals in the EU to make their store compliant with major GDPR rules.
All-In-One GDPR Solution for Magento
- GDPR Magento Extension introduces the Privacy Center Dashboard that was designed to display all GDPR options in one place.
- Customers can view your Privacy Policy and Cookie Policy, contact the Data Protection Officer (DPO), Update their Email Preferences, Download Account Data and Delete their Accounts.
- GDPR module integrates with your existing Privacy Policy, Cookie Policy and other CMS Pages and records a full history of changes (including document version, CMS page content, date and admin full name)
Enable Compliance with California Consumer Privacy Act (CCPA)
- GDPR Extension now includes additional features to enable Magento CCPA Compliance. Merchants can limit certain privacy features to California residents only, while other citizens won't see the additional cookie or popup messages, consent checkboxes or documents.
- This Magento 1 plugin covers all privacy rights of customers located in California State under the CCPA law. Your clients have a "right to access" (download personal data from Magento store or third party services), a "right to opt-out" or "obtain parental or guardian consent for minors", and "stop third-party transfer" (consent checkboxes & cookies functionality).
Download Customer Account Data
- Customers can download an archive of their account data (customer information, addresses, full order history, reviews, price and stock alerts, products in cart, wishlist, compared products, etc)
- Downloading customer information is a password-protected process that only customer will have access to. They will receive information in Spreadsheet (Excel, CSV) file format, which could allow another service to more easily import it.
- Admin can keep track of all download requests from Magento backend.
- Built-in API support allows you to download data from third party applications.
Permanently Delete & Anonymize Customer Account
- Customers can request to permanently erase all personal information from your store. Accounts will be automatically deleted within 24 hours after the removal request was submitted.
- Customers can cancel a removal request by logging in before the account is permanently deleted.
- Admin can view full log of account removal requests from Magento backend and cancel them if necessary.
- Built-in API support allows you to delete or anonymize data from third party applications.
Magento Cookie Restriction Notice
- Display a Cookie Restriction Notice at your Magento store and conveniently edit notice text from the Magento configuration.
- The users will have a choice of whether to opt-in or not. Cookies will be used only after the user clicks on “Accept Cookies” button.
- GDPR module allows you to setup Google Tag Manager to prevent execution of your third party services before cookie consent is given.
Consent Management
- Add your consent checkboxes (such as "I agree to the Privacy Policy" or "I agree to the TOS", etc) on the registration page, checkout page and newsletter subscription page directly from the backend. You can also add consent checkboxes manually using our developer's guide.
- All customers who opted-in to to these policies can be tracked via Magento consent log. Log of customer consents includes following data: customer name, email, consent location, link to the policy page, document version, date, IP, etc.
Geo Targeting
- Plumrocket GDPR now includes GeoIP functionality, allowing it to detect the country where your viewer is located and personalize the content for that viewer.
- Store owners can enable Cookie Notice and Consent Checkboxes to European Union visitors only and disable them for the rest of the world. Admin can configure this feature for each country separately or for all at once.
- Merchants who work with international clients will greatly benefit from the GeoIP restrictions in GDPR extension.
Popup and Email Notifications
- Schedule popup notifications and display popup window to all customers upon successful login. Request customer consent to the updated versions of the "Privacy Policy", TOS, Cookie Policy or any other agreement.
- Notify users by email when their account data was successfully downloaded or a removal request created.
Compatible with Custom & Third party Magento themes
- Magento GDPR was designed to work flawlessly on any third party Magento theme. Whether it is your own custom theme or a popular theme like Ultimo, Shopper, Fortis, etc. – it supports them all.
- Compatible with the latest Community and Enterprise Editions of Magento 2 Ecommerce Platform.
Overview of Magento GDPR & CCPA Extension
GDPR Module from Plumrocket is an all-in-one GDPR solution for Magento that comes with easy to use Privacy Center Dashboard and flexible admin settings to ensure the GDPR compliance of your store.
All Features:
-
Features for Customers
-
Privacy Center Dashboard
- Magento GDPR extension adds a new section in the Magento Customer Account - “Privacy Center” with a list of GDPR options and Privacy FAQ.
- In the Privacy Center dashboard, the customer can choose to view the Privacy Policy, Cookie Policy, contact the Data Protection Officer (DPO), Update Email Preferences, Download Account Data and Erase their Accounts.
-
Account Data Download
- Customers can download their account data as per GDPR Articles 15 and 20 – “Right of access” and “Right to data portability”. The data will be provided in both human-readable and machine-readable format (Excel, CSV). Customers can later transmit their personal data to another controller (ecommerce store or another location).
-
Account Data Removal
- Users can request to remove their personal data from your store. Article 17 of GDPR “Right to erasure (‘right to be forgotten’)” allows them to do so. Within 24 hours all personal data will be automatically deleted and anonymized if removal requests are not canceled by the Admin or a Customer.
- Customers can cancel data removal requests when they sign-in into their account within 24 hours after the data removal request was submitted.
- GDPR plugin will prevent customers with pending orders from deleting their account until all orders are completed or canceled.
- All account removal requests and data download requests are password-protected to ensure the security of customer accounts.
-
Cookie Restriction Notice
- As per “Recital 30” of GDPR, cookies “may be used to create profiles of the natural persons and identify them”, therefore the users must have a choice whether to opt-in or not.
- With the Cookie Policy bar enabled, customers can choose whether to allow usage of all non-essential cookies. All essential cookies required for proper functioning of Magento store will continue to work. While all non-essential cookies, such as those used for analytics, cookies from advertisers or third parties, including affiliates and those that identify a user when he returns to the website will not be used until the consent is provided.
-
GDPR Consent & Opt-In
- Customers can provide consent to the Privacy Policy, Cookie Policy or any other Policy on the account registration page, checkout page and newsletter subscription pages.
-
Popup and Email Notifications
- Customers can be notified about any policy update via popup notification.
- Transactional emails are used to notify customers about all account removal requests and data download requests.
-
Privacy Center Dashboard
-
Features for Merchants
-
General Configuration
- Magento Admin can configure the Privacy Center Dashboard, Account Removal Settings, GDPR Email settings, Consent Checkboxes, Cookie Consent Notice and Google Tag Manager settings.
-
Account Data Download
- The following data can be downloaded from the Customer Account in CSV file format - customer information, addresses, full order history, reviews, price and stock alerts, products in cart, wishlist, compared products, etc
- Additional information can be exported from Magento using the provided API. Follow our developer guide if you need to include customer data from your third-party extensions in the downloadable ZIP archive.
- Admin can track all account download requests via “Log of Account Data Downloads” in Magento Admin.
-
Account Data Removal
- Magento order history will be anonymized and kept in database as “Guest Orders” for accounting purposes
- By default, the GDPR extension will delete all personal data and anonymize Magento Orders. However, the provided GDPR API allows you to change default settings and anonymize all customer data instead of deleting it.
- Admin can cancel all pending data removal requests directly from the “Log of Account Removal Requests”.
- Admin can specify a custom Anonymization Key to be used during the anonymization process of customer data.
-
Cookie Restriction Notice
- The extension uses the native Magento “Cookie Restriction Mode” functionality to display Cookie Restriction Notice Block.
- Added functionality allows you to conveniently change the Notice text and Button label from the backend, as well as display a redesigned cookie bar in the bottom section of your site.
- Google Tag Manager can be used to load all non-essential javascripts only after the explicit consent to allow cookies is provided by the visitor.
- Use GeoIP Restrictions functionality to display Cookie Notice to visitors from EU countries only.
-
GDPR Consent & Opt-In
- Article 7 of GDPR, “Conditions for consent”, requires that “the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data.” Therefore the Plumrocket GDPR extension allows admin to add custom consent checkboxes in multiple locations on Magento frontend and track all customer consents via “Log of Customer Consents” in the Magento backend.
- Each Consent Checkbox can be separately configured to be displayed only to visitors from the European Union or any other country.
-
GDPR Settings in CMS Pages
- Admin can continue using standard CMS Pages for Privacy Policy, Cookie Policy, Terms of Service or any other policy page.
- GDPR functionality will be automatically integrated in all CMS pages and can be enabled for each page separately.
- Admin can enable versions for specific CMS pages and view revision history.
- Admin can enable versions for specific CMS pages and view revision history.Admin can enable popup notifications and notify customers about policy updates upon successful login. This is useful when asking customers to agree to the updated version of the "Privacy Policy", TOS, Cookie Policy or any other agreement.
-
Popup and Email Notifications
- Admin can enable popup policy updates from CMS pages
- Extension intercepts all login & registration attempts via Social Login (Facebook Login, Twitter Login, or other social networks) and displays Popup Notification requiring customers to agree before using the website.
- Admin can configure GDPR Email settings from the configuration page. Choose email sender name, address and transactional email templates.
-
General Configuration
- 100% open code Magento 1 extension
Reviews of Magento GDPR & CCPA Extension
Write a Review
Every customer will automatically receive
$10 in reward points for each approved review.
-
Easy to configure
![United States]( "United States")
Review for Magento 2.x
The extension works great for us. The configuration was easy and straightforward with the documentation. This is my second extension from Plumrocket and I had no problems so far. -
Very good GDPR MODULE, good support, but it could be better
![Italy]( "Italy")
Review for Magento 2.x
Good support, but it could be better and would give their modules a distinct added value. However, the module does its job well as well as being sold with unlimited updates. This is one of the best things that leads me to prefer their modules over others. I recommend buying from them. -
Excellent Support
![Sweden]( "Sweden")
Review for Magento 2.x
Excellent Support and Prompt Response.
I can't have a better GDPR Extension for Magento 2 for my customers. Overall great extension! Installation and configuration were simple, so we did it successfully. -
I recommend it
![United States]( "United States")
Review for Magento 2.x
The extension is simple to install and use. I had zero issues with it downloading, installing or using. It simply works as advertised. The one time I did have a question, support responded and resolved the issue within an hour of my request. -
Worked great for usI'm using it on: www.urbanbodyjewelry.com
![United States]( "United States")
Review for Magento 1.x
The m1 version of this plugin worked great. We now need the M2 version so hopefully its just as good and we dont need to do a ton to get it working with the new M2 setup -
NEEDFULI'm using it on: www.b-happystore.it
![Italy]( "Italy")
Review for Magento 2.x
Indispensable to keep track automatically of consents and cancellations. Ensures compliance with GDPR rules, including access to personal data to download or erase. -
![Customer photo]()
Amazing!![Turkey]( "Turkey")
Review for Magento 2.x
Easy to use and edit with handy tips. Support was great and very helpful and informative. Very well designed and flexible to use all over my website. Thank you Plumrocket! -
Best GDPR extension and good supportI'm using it on: www.saidagustoespresso.com
![Italy]( "Italy")
Review for Magento 2.x
Perfect fits GDPR needs, the extension didn't cause any problems after installation. Some fix needed, resolved in 3 days by Plumrocket team with ticket support. -
Plumrocket and no problems :)I'm using it on: imoli2.pl, imoli1.pl, everlastingbrows.com, imoli3.pl
![Poland]( "Poland")
Review for Magento 2.x
The module works without any problems. We had to add domains to the test servers and this also went quickly and without problems. Plumrocket creates very good extensions for Magento.recomend Plumrocket. Great extension and support! Thank you. -
![Customer photo]()
Great and no issuesI'm using it on: jendeindustries.com![United States]( "United States")
Review for Magento 2.x
Only reason for a 4 star the price as always is a bit much with them.
Only complaint about plum rocket is they seem lazy on maintaining extensions any times you will buy it and is out dated and needs fixing on their end, they do get it fixed within 3 or so days but instead of maintaining them they wait for clients to raise an issue. -
Great GDPR extensionI'm using it on: www.fed-corp.com
![France]( "France")
Review for Magento 1.x
I have installed GDPR extension and works like a charm. The plug in is very simple to use and it supports Ultimo and Porto themes
Essential for the management and protection of European customer data -
It is my favorite GDPR extensionI'm using it on: forcuties.com
![Bulgaria]( "Bulgaria")
Review for Magento 2.x
This is my second extension from Plumrocket and it works like a charm, like the first one.
It is highly customizable and covers all my GDPR needs.
I lost many hours in discovering until I found this.
I recommend it! -
Highly suggested
![United States]( "United States")
Review for Magento 1.x
Since the General Data Protection Regulation has been implemented a couple of month ago, our company had to comply with it. This plugin is very good, simple and our customers from Europe are already using it for downloading personal data and other features.
The user interface is very clear and it works just fine with our template. Like every other extension designed by Plumrocket this GDPR extension works incredibly. Thank you -
Best GDPR extension
![United States]( "United States")
Review for Magento 1.x
This is our first purchase from Plumrocket and I must say that we are impressed by this GDPR extension and the top-notch support they provided. The module works flawlessly out of the box and does all that it should. Now the process of managing customer data according to the new regulation law that has recently came into force will be much more easier.
FAQ of Magento GDPR & CCPA Extension
-
When Does GDPR Come Into Force
Change Log of Magento GDPR & CCPA Extension
Legend:
- new feature
- bug fix
Version 1.6.1 Sep 17, 2020
- Minor changes and improvements
Version 1.6.0 Jul 13, 2020
- Added support for logging Consents for guests
- Minor changes and improvements
- Fixed “Enable Privacy Center for Guests” setting. “Privacy Center” link is hidden in the footer for a guest and the page becomes unavailable
- Fixed email display in a grid “Log of Account Data Downloads”
Version 1.5.1 Jan 22, 2020
- Minor changes and improvements
Version 1.5.0 Dec 31, 2019
- Added support for CCPA law
Version 1.4.3 May 01, 2019
- Fixed issue with a possibility for a guest to visit "My Consents" page
