Overview of Magento 2 GDPR Extension
Effortlessly navigate the complexities of data privacy regulations and build customer trust with our comprehensive GDPR extension for Magento 2. This solution simplifies compliance by giving both you and your customers the tools needed for transparency and control. It establishes a dedicated Privacy Center where shoppers can easily exercise their rights to access, download, or permanently erase their personal data, fulfilling the core tenets of the "right to be forgotten." To further solidify your compliance, you can:
- Seamlessly integrate and track consent checkboxes on key pages like registration and checkout, providing a detailed log to demonstrate compliance.
- Intelligently manage compliance by showing GDPR-specific features, like the cookie notice and consent boxes, only to visitors from the EU or other selected regions.
- Maintain complete oversight from your admin panel, with logs for all data download and erasure requests.
- Keep users informed with automated notifications for policy updates and account actions.
Magento 2 GDPR Pro is designed for merchants who require even deeper integration and control. It enhances the core functionality with support for additional advertising and analytics platforms, such as Microsoft Ads and Clarity, and recognizes advanced user privacy signals like Global Privacy Control (GPC).
All Features:
Features for Customers
Privacy Center Dashboard
- The Magento GDPR extension adds a new section to the Magento Customer Account, “Privacy Center”, with a list of GDPR options and a Privacy FAQ.
- In the Privacy Center dashboard, customers can choose to view the Privacy Policy and Cookie Policy, contact the Data Protection Officer (DPO), update their email preferences, download their account data, and erase their accounts.
Account Data Download
- Customers can download their account data as per GDPR Articles 15 and 20: “Right of access” and “Right to data portability”. The data is provided in both human-readable and machine-readable formats (Excel, CSV). Customers can later transmit their personal data to another controller (ecommerce store or another location).
Account Data Removal
- Users can request removal of their personal data from your store, as allowed by Article 17 of GDPR, “Right to erasure (‘right to be forgotten’)”. Within 24 hours all personal data will be automatically deleted and anonymized if the removal request is not canceled by the Admin or the Customer.
- Customers can cancel a data removal request by signing in to their account within 24 hours after the request was submitted.
- The GDPR plugin prevents customers with pending orders from deleting their account until all orders are completed or canceled.
- All account removal requests and data download requests are password-protected to ensure the security of customer accounts.
Cookie Restriction Notice
- As per “Recital 30” of GDPR, cookies “may be used to create profiles of the natural persons and identify them”, therefore users must have a choice whether to opt in or not.
- With the Cookie Policy bar enabled, customers can choose whether to allow the use of all non-essential cookies. All essential cookies required for the proper functioning of the Magento store will continue to work, while non-essential cookies, such as those used for analytics, cookies from advertisers or third parties (including affiliates), and those that identify a user when they return to the website, will not be used until consent is provided.
GDPR Consent & Opt-In
- Customers can provide consent to the Privacy Policy, Cookie Policy or any other policy on the account registration page, checkout page and newsletter subscription pages.
Popup and Email Notifications
- Customers can be notified about any policy update via popup notification.
- Transactional emails are used to notify customers about all account removal requests and data download requests.
Features for Merchants
General Configuration
- The Magento Admin can configure the Privacy Center Dashboard, Account Removal Settings, GDPR Email settings, Consent Checkboxes, Cookie Consent Notice and Google Tag Manager settings.
Account Data Download
- The following data can be downloaded from the Customer Account in CSV file format: customer information, addresses, full order history, reviews, price and stock alerts, products in cart, wishlist, compared products, etc.
- Additional information can be exported from Magento using the provided API. Follow our developer guide if you need to include customer data from your third-party extensions in the downloadable ZIP archive.
- Admin can track all account download requests via the “Log of Account Data Downloads” in Magento Admin.
Account Data Removal
- Magento order history will be anonymized and kept in the database as “Guest Orders” for accounting purposes.
- By default, the GDPR extension deletes all personal data and anonymizes Magento orders. However, the provided GDPR API allows changing the default settings to anonymize all customer data instead of deleting it.
- Admin can cancel all pending data removal requests directly from the “Log of Account Removal Requests”.
- Admin can specify a custom Anonymization Key to be used during the anonymization of customer data.
Cookie Restriction Notice
- The extension uses Magento's native “Cookie Restriction Mode” functionality to display the Cookie Restriction Notice block.
- Added functionality lets you conveniently change the Notice text and Button label from the backend, as well as display a redesigned cookie bar in the bottom section of your site.
- Google Tag Manager can be used to load all non-essential JavaScript only after the visitor has given explicit consent to allow cookies.
GDPR Consent & Opt-In
- Article 7 of GDPR, “Conditions for consent”, requires that “the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data.” Therefore the Plumrocket GDPR extension allows the admin to add custom consent checkboxes in multiple locations on the Magento frontend and track all customer consents via the “Log of Customer Consents” in the Magento backend.
GDPR Settings in CMS Pages
- Admin can continue using standard CMS Pages for the Privacy Policy, Cookie Policy, Terms of Service or any other policy page.
- GDPR functionality will be automatically integrated in all CMS pages and can be enabled for each page separately.
- Admin can enable versions for specific CMS pages and view revision history.
- Admin can enable popup notifications and notify customers about policy updates upon successful login. This is useful when asking customers to agree to the updated version of the "Privacy Policy", TOS, Cookie Policy or any other agreement.
Popup and Email Notifications
- Admin can enable popup policy updates from CMS pages.
- The extension intercepts all login and registration attempts via Social Login (Facebook Login, Twitter Login, or other social networks) and displays a Popup Notification requiring customers to agree before using the website.
- Admin can configure GDPR Email settings from the configuration page: email sender name, address and transactional email templates.
- 100% open-code Magento 2 extension.