Extension SettingsTo configure the extension, go to Stores > Configuration > Aheadworks Extensions > GDPR. The page features two sections: General and Email Settings. The following options are available in the General section: - Data Protection Policy Page - assign the privacy policy CMS page to be used as the destination of the Privacy Policy link displayed on the Registration page and Consent Confirmation popup
- Enable automatic processing of data removal and data access requests - set to Yes to allow customers to delete their accounts without the involvement of the Admin
- Enable consent gathering on Contact Us form - set to Yes to provide the Contact Us form with a checkbox and text "I consent to thecollection and processing of my personal data" holding the Privacy Policy link
- Enable consent gathering on Newsletter subscription form - set to Yes to provide the Newsletter subscription form with a checkbox and text "I consent to thecollection and processing of my personal data" holding the Privacy Policy link
| Note |
|---|
When the value of the Data Protection Policy Page (DPP) is changed in Admin > Stores > Configuration > GDPR > "Data Protection Policy Page", go to Customers > Consent Relevance and click on the Reset Consent button to prompt registered customers to give consent to the privacy policy again. Changing the DPP page presumes changes in the privacy policy. |
The following options are available in the Email Settings section: - Sender - the Store User to be the Sender of the request confirmation emails send to customers
- Removal Confirmation Email Template - the email template to be used for personal data removal requests
- Data Access Confirmation Email Template - the email template to be used for personal data access requests
- Enable admin notifications upon the events - select the requests for notifications to be sent to the Admin
- Send admin notifications to - specify the Store User to receive the above notifications
- Data removal request email template - the template for the emails sent to the Admin on customers submitting data removal requests
- Data access request email template - the template for the emails sent to the Admin on customers submitting data access requests
Privacy Policy CMS pagesTo browse and manage the versions of your privacy policy (PP) regulations, go to Customers → GDPR by Aheadworks → Privacy Policy CMS pages. Tracking what PP and which version thereof the Customer agreed to is required by law. The grid comes with the following columns: - CMS page - the page containing your privacy policy regulations (active link to the Edit [Page Name] page)
- Version - the version of the privacy policy
- Store View - the store view to contain the cms page
- Created - the date when the page was set up as the privacy policy cms page
- Actions - click on the View active link to open the Edit [Page Name] page
To set a page as a Privacy Policy page, go to Content → Pages and select/create a page. Make use of the Set up as Privacy Policy page toggle. If toggle Set up as Privacy Policy page is on, then the Privacy Policy Version text-field appears. The following is important when setting up the version of the PP: - the number is unique within a store view (e.g. the same set of rules in different languages is considered to be the same PP version).
If the version is not set, the extension does not track it’s uniqueness: there can be multiple PP assigned to the same store view without any version number. the number can consist of letters, numbers, dots, commas, underscores and hyphens.
| Note |
|---|
There can be only one active Privacy Policy page per store view. On an attempt to set a cms page as a PP page for the given store view, an error is displayed “Can’t save privacy policy page with this version. Please specify another version that is unique for this store view.“ Saving a PP page is not possible when there already exists a version for the same store view. Same applies to the situation when there is already a page set for a whole website and the Admin wants to set the PP page for a store view within this website. In this case, for a given store view, the Admin needs to specify a new version. |
| Note |
|---|
Having saved a Privacy Policy CMS page, its heading, version and content could no longer be deleted or edited, unless the page is set as Current in Store config. All other options (meta fields, layout, etc) can be edited. |
| Note |
|---|
Privacy Policy CMS pages can not be reverted to ordinary CMS pages |
The Admin can change Privacy Policy if need be and then track which Privacy Policy version customers agreed to. This eCommerce behaviour is required by the law. To change the Privacy Policy, the Admin creates a new page and sets it up as the Privacy Policy page with a unique version. Privacy Policy versions can not be changed after saving, thereby every new version requires a new page. Old pages of PP are kept as read-only copies. At times, the Admin needs to reset the consents, if changes to the PP require it. 
Data Access RequestsAs soon as data access requests are verified by email they appear in the Data Access Requests grid for further processing by the Admin. Go to Customers > GDPR by Aheadworks > Data Access Requests to find the grid. The Data Access Requests grid includes the following columns: - Customer ID - ID of a customer;
- Name - customer's name;
- Email - customer's email;
- Status - request status. Available options include: Pending, Processing, Completed, Canceled;
- Created At - date and time of the request submission;
- Resolved At - resolution date and time;
- Actions - the column contains an active link, which allows Magento admins to change the status of a request or download customer information in the PDF (human-readable) and XML (machine-readable) file formats.
| Info |
|---|
The above formats, in fact, are intended for different purposes and exercise two different GDPR rights. PDF allows customers to access their personal information, while XML allows customers to make data portable and transfer it to other solutions or applications. |
In addition to the Actions column, request statuses can be changed massively using the Actions box. Developer Notes: Data Export| Info |
|---|
| Export of the Data Stored in Third-party Applications - Add the following code lines to the etc/di.xml file:
| Panel |
|---|
| borderWidth | 2px |
|---|
| borderStyle | solid |
|---|
| <type name="Aheadworks\Gdpr\Model\Service\CustomerDataCollector">
<arguments>
<argument name="dataCollectors" xsi:type="array">
<item name="your_module_data" xsi:type="array">
<item name="module" xsi:type="string">Vendor_YourModule</item>
<item name="collector" xsi:type="string">
Aheadworks\Gdpr\Model\Service\CustomerDataCollector\YourModuleDataCollector
</item>
<item name="position" xsi:type="number">150</item>
</item>
</argument>
</arguments>
</type>
<virtualType name="Aheadworks\Gdpr\Model\Service\CustomerDataCollector\YourModuleDataCollector" type="Aheadworks\Gdpr\Model\Service\CustomerDataCollector\DataCollector">
<arguments>
<argument name="title" xsi:type="string">Your Module Information</argument>
<argument name="dataProcessor" xsi:type="string">
Vendor\YourModule\Model\YourModuleDataProcessor
</argument>
</arguments>
</virtualType> |
- And create the data processing Vendor\YourModule\Model\YourModuleDataProcessor.php file as follows:
| Panel |
|---|
| borderWidth | 2px |
|---|
| width | 50% |
|---|
| borderStyle | solid |
|---|
| <?php
namespace Vendor\YourModule\Model;
use Aheadworks\Gdpr\Model\Service\CustomerDataCollector\DataProcessorInterface;
use Magento\Customer\Api\Data\CustomerInterface;
/**
* Class YourModuleDataProcessor
* @package Vendor\YourModule\Model
*/
class YourModuleDataProcessor implements DataProcessorInterface
{
/**
* Get your module data
*
* @param CustomerInterface $customer
* @param int|null $storeId
* @return array
*/
public function getData($customer, $storeId)
{
return [
'test' => 'Message',
'items' => [
'item_1' => 'Item 1',
'item_2' => 'Item 2',
'item_3' => 'Item 3',
]
];
}
} |
|
Removal RequestsThe same way customers may ask to delete own personal information, still, these requests are collected in the Removal Requests grid located under Customers > GDPR by Aheadworks > Removal Requests. The grid has absolutely the same columns as the previous one. The only difference is that the Actions column in the grid only allows Magento admins to manage request statuses. The same actions can be performed massively from the Actions box above the grid. Once the customer's data removal request has been approved, his/her personal data is erased from the store. The data includes the customer's ID, Name, and Email. 
Consent RelevanceOn receipt of a request to delete the data of the Customer, the Admin refers to the Consent Relevance page. The Consent Relevance grid contains a list of all customers, including the guest ones. The grid allows the Admin to anonymize customer data in one click. Additionally, on this page, the Admin can track and manage the consent statuses of the customers. The Consent Relevance grid is located in Customers > GDPR by Aheadworks > Consent Relevance. The grid contains the following columns: - Customer ID, Name, Email - the ID, name and email of the customer
- Website - the store-view where the Customer clicked to agree to the privacy policy rules
- Latest Consent Date - the date and time of the latest consent as signed by the Customer
- Relevant Consent - the status of the consent considered to be relevant or not. Includes two options: Yes and No
- Actions - click on the Select selector and apply the Erase Customer action to erase the personal data of the Customer.
| Note |
|---|
The customer whose data is erased gets anonymized. This means that his/her personal data in the grid is now hidden behind asterisks in the ID, Name, and Email columns, correspondingly. However, his/her orders remain recorded in the store's database, though marked as guest-orders. These orders can be stored for a period determined by a local law. |
To massively anonymize customer data, in addition to the Active column, the Admin can also use the Actions box above the grid. | Note |
|---|
Note that in M2 GDPR version 1.1.0 customers' data are not displayed in the Consent Relevance grid in the following cases: - Guest-customers leave their consent either via the Newsletter or Contact Us form.
- A customer is registered, but there is no record about his/her consent in the system. As a guest, the registered customer subscribes to the newsletter, or creates a ticket via the Contact Us form, or creates an order and gives his consent.
|
The Consent Relevance page also includes the Reset Consent button, which resets all eligible consent statuses to 'No'. This is the case when the Admin may need to collect consents once again. If all the consents are reset, all the customers have to provide their consents once again. Developer Notes: Data Deleting| Info |
|---|
| Deleting data from Third-party Applications In case if the data in the third-party application and Magento customer table are connected (Foreign Key), you don't need to do anything at all, as soon as the data is going to be deleted automatically (recommended). Otherwise, you need to add own "eraser" using the etc/di.xml file. The Eraser should use the Aheadworks\Gdpr\Model\Service\CustomerDataEraser\DataEraserInterface interface: | Panel |
|---|
| borderWidth | 2px |
|---|
| borderStyle | solid |
|---|
| <type name="Aheadworks\Gdpr\Model\Service\CustomerDataEraser">
<arguments>
<argument name="dataErasers" xsi:type="array">
<item name="Vendor_YourModule" xsi:type="string">Vendor\YourModule\Model\YourModuleEraser
</item>
</argument>
</arguments>
</type> |
You can also use the following events: | Panel |
|---|
| borderWidth | 2px |
|---|
| width | 50% |
|---|
| borderStyle | solid |
|---|
| "aw_gdpr_customer_data_delete_before", params: customer_id
"aw_gdpr_guest_data_delete_after", params: customer_id
"aw_gdpr_guest_data_delete_before", params: email, store_ids
"aw_gdpr_guest_data_delete_after", params: email, store_ids |
|
|
.png?version=1&modificationDate=1564160929803&cacheVersion=1&api=v2)