Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

...

...

...

...

...

...

...

width50%

Table of Contents

Warning

Firefox user notice:

Please use another web browser to view this document.

Sorry for the inconvenience.

...

width30%

...

Image Modified

Magento 2 GDPR extension allows Magento merchants to collect customer consents on registration, checkout, and other pages. Even more, the module allows providing customers with their right to access, copy, transfer, and erase personal data processed by the store and related third-party extensions. Customers are able to access, copy, and delete personal information in one click from customer accounts, while the verification process makes Magento merchants sure about the eligibility of submitted requests.

Compatibility: Magento Open Source 2.3.X, Magento Commerce 2.3.X

Product Page

Thank you for choosing Aheadworks!

Installing GDPR

...

width20%

...

width60%

Installing mPDF Library

Before generating customer information in PDF, you need to install the mPDF library executing the following command at the command prompt:

Panel
borderWidth2px
borderStylesolid
composer require mpdf/mpdf

...

width20%

...

Panel
borderWidth2px
borderStylesolid

1. Backup your web directory and store database

...

borderWidth2px
borderStylesolid

...

Panel
borderWidth2px
borderStylesolid

 3. Upload contents of the GDPR installation package to your store root directory

...

borderWidth2px
borderStylesolid

 4. In SSH console of your server navigate to your store root folder:

No Format
cd path_to_the_store_root_folder

run the following command: :

No Format
php -f bin/magento module:enable  Aheadworks_Gdpr

then:

No Format
php -f bin/magento setup:upgrade

after:

No Format
php -f bin/magento setup:static-content:deploy
Panel
borderWidth2px
borderStylesolid

5. Flush store cache; log out from the backend and log in again

Note

Make sure the installation is done from the FTP administrator account. Otherwise, set 775 permissions to the store root directory after the extension is deployed.

...

width50%

...

borderWidth2px
borderStylesolid

If you are installing an extension from Aheadworks for the first time, you need to add our composer repository to your Magento store:

Panel
borderWidth2px
borderStylesolid

1. Login to your ssh console and navigate to your store folder:

Panel
borderWidth2px
borderStylesolid
cd path_to_the_store_root_folder

Run the following command:

Panel
borderWidth2px
borderStylesolid
composer config repositories.aheadworks composer https://dist.aheadworks.com/

After the command was executed successfully, you can use the composer to install the products.

...

borderWidth2px
borderStylesolid

To install the extension:

2. Login to your ssh console and navigate to your store folder:

Panel
borderWidth2px
borderStylesolid
cd path_to_the_store_root_folder

...

borderWidth2px
borderStylesolid

 3. Run the following command to install the latest version of the extension:

Panel
borderWidth2px
borderStylesolid
composer require aheadworks/module-GDPR

if you need to install a specific version, run this command:

Panel
borderWidth2px
borderStylesolid
composer require aheadworks/module-GDPR:<version>
Tip

Specify the version of the extension in <version>

Panel
borderWidth2px
borderStylesolid

When prompted, enter Public Key (Username) and Private Key (Password):
Image Removed

Note

Both Public Key (Username) and Private Key (Password) can be found in My Projects and Licenses in your personal account on our site:

Image Removed

...

borderWidth2px
borderStylesolid

4. Enable the extension:

Panel
borderWidth2px
borderStylesolid
php -f bin/magento module:enable <Module_Name>
Tip

Add the product name in <Module_Name>

Next, register the extension:

Panel
borderWidth2px
borderStylesolid
bin/magento setup:upgrade

Recompile your Magento store if you are in the Production mode:

Panel
borderWidth2px
borderStylesolid
bin/magento setup:di:compile

To verify that the extension is enabled, run this command:

Panel
borderWidth2px
borderStylesolid
bin/magento module:status

Clean store cache, by running the following command:

Panel
borderWidth2px
borderStylesolid
bin/magento cache:clean

Log out and Log in the backend again.

...

borderWidth2px
borderStylesolid

To upgrade the extension:

5. To update or upgrade an extension:

Download the updated extension file. Take note of the module-name and version. Export the contents to your Magento root.

If a composer package exists for the extension, run one of the following.

Code Block
titleUpdate per module name:
composer update aheadworks/module-GDPR
Code Block
titleUpdater per version:
composer require aheadworks/module-GDPR:<version>

Run the following commands to upgrade, deploy, and clean the cache.

Panel
borderWidth2px
borderStylesolid
php bin/magento setup:upgrade --keep-generated
php bin/magento setup:static-content:deploy
php bin/magento cache:clean

Introduction - Magento 2 GDPR

Section

Business Advantages

Employ the GDPR extension to facilitate receipt of customers' consent with the terms of your privacy policy. Ensure that customers have the right to access, copy, transfer, and erase their personal data in your store. This in turn will establish you as an obedient follower of the main GDPR regulations.

The present extension brings forth the following features:

  • The dedicated functionality enables you to comply with most essential GDPR requirements, including the right of customers to access, copy, transfer, and delete their personal data;
  • Customers' consent with your privacy policy is collected on registration, checkout, and other pages;
  • Customers are able to request access to personal data from My Account in one click;
  • The implemented verification technique allows you to reduce fraudulent data requests;
  • The extension allows you to split up customers with and without consents and manage each group individually;
  • The extension API allows you to get and erase data from third-party apps.

What's New?

The latest version (1.1.0) of the extension allows the following:

  • REST API support

  • Automatic processing of requests to delete and receive data with administrator notification

  • Versioning of policy pages (with a ban on deleting and editing in some cases)

  • Binding cms page to consent

On Frontend - Magento 2 GDPR

...

New Customer Consents

Customers who want to make their first purchase in a store provide their consent either on the Registration or Checkout pages.

To do so, on the Registration page, customers tick the dedicated checkbox.

Image Removed

...

The following issue was reported on Magento 2.4.1 and 2.3.6:

Given: The Customer creates a new account and inputs an incorrect value to a field on the form. For example, leaves First Name or Last Name empty, or does not give the GDPR consent.

Result: The Create an Account button becomes disabled and cannot be enabled.

SolutionUse the official Magento 2 patch to fix the issue

On the Checkout page, customers provide their consent via the popup, which is displayed automatically on load of the page. The Customer clicks on the I Agree button to accept the privacy policy regulations, or I Disagree to do otherwise.

Image Removed

Customers cannot submit personal information without ticking the check box or clicking on the I Agree button. Customers' data is not recorded to databases until the consent is given.

Both the checkbox and popup also show a link to the privacy policy page.

In case the Customer wants to provide his/her consent at a later time and clicks the 'Ask me later...' link, he/she is taken to the home page of the store to continue shopping.

Note

Integration with One Step Checkout

When the Magento 2 Smart One Step Checkout extension is installed on the store, the Checkout page displays the Privacy Policy consent checkbox instead of the popup. 

Developer Notes: Consent Popup Integration

...

width100%

Consent Popup Integration

The consent popup works on native Magento checkout pages and checkout pages created by the Smart One Step Checkout extension by Aheadworks by default. Still, you can integrate it with any other checkout application the same way just changing the rote to it in etc/di.xml.

  • The popup for guest customers (by default available for native Magento and Smart One Step Checkout extension checkout pages):
Panel
borderWidth2px
borderStylesolid
<type name="Aheadworks\Gdpr\Block\Consent\GuestPopup\VisibilityResolver">
        <arguments>
            <argument name="routes" xsi:type="array">
                <item name="native_checkout" xsi:type="string">checkout/index</item>
                <item name="aw_osc" xsi:type="string">onestepcheckout/index</item>
            </argument>
        </arguments>
</type>
  • The popup for existing customers (appears on all pages, except for the customer/account/edit one):
Panel
borderWidth2px
width50%
borderStylesolid
<type name="Aheadworks\Gdpr\Block\Consent\CustomerPopup\VisibilityResolver">
        <arguments>
            <argument name="routes" xsi:type="array">
                <item name="all" xsi:type="string"></item>
            </argument>
            <argument name="deniedRoutes" xsi:type="array">
                <item name="customer_account" xsi:type="string">customer/account/edit</item>
            </argument>
        </arguments>
</type>

Existing Customer Consents

Seemingly, existing customers should have already provided their consents, but not necessarily. The customer base may also include shoppers who had registered before the extension was installed. Or, in case the terms of your privacy policy changed drastically, you would possibly like to collect new consents to make sure that all your customers comprehend the amendments clearly. In this case, you can reset previous consent and collect them repeatedly.

Image Removed

Existing customers provide their consent at the moment they enter their accounts in your store. Immediately after signing into the store, they will see the same pop-up asking them to provide the consent.

Accessing and Erasing Data

Except for the necessity to provide their consents, customers have the right to access, copy, transfer and delete their personal information. Customers do that in My Account in the Account Information section. The section contains two buttons: Delete My Account and Get My Data. As soon as the Customer clicks on one of the buttons, a verification email follows to the Customer's mail inbox.  The email prompts the Customer to confirm the request. Confirmed requests appear on the Backend.

Image Removed

On Backend - Magento 2 GDPR

...

Extension Settings

To configure the extension, go to Stores > Configuration > Aheadworks Extensions > GDPR. The page features two sections: General and Email Settings.

The following options are available in the General section:

...

Note

When the value of the Data Protection Policy Page (DPP) is changed in Admin > Stores > Configuration > GDPR > "Data Protection Policy Page", go to Customers > Consent Relevance and click on the Reset Consent button to prompt registered customers to give consent to the privacy policy again. Changing the DPP page presumes changes in the privacy policy.

Image Removed

The following options are available in the Email Settings section:

  • Sender - the Store User to be the Sender of the request confirmation emails send to customers
  • Removal Confirmation Email Template - the email template to be used for personal data removal requests
  • Data Access Confirmation Email Template - the email template to be used for personal data access requests
  • Enable admin notifications upon the events - select the requests for notifications to be sent to the Admin
  • Send admin notifications to - specify the Store User to receive the above notifications 
  • Data removal request email template - the template for the emails sent to the Admin on customers submitting data removal requests 
  • Data access request email templatethe template for the emails sent to the Admin on customers submitting data access requests 

Image Removed

Privacy Policy CMS pages

To browse and manage the versions of your privacy policy (PP) regulations, go to Customers → GDPR by Aheadworks → Privacy Policy CMS pages. Tracking what PP and which version thereof the Customer agreed to is required by law.  

The grid comes with the following columns:

  • CMS page - the page containing your privacy policy regulations (active link to the Edit [Page Name] page)
  • Version - the version of the privacy policy
  • Store View - the store view to contain the cms page 
  • Created - the date when the page was set up as the privacy policy cms page
  • Actions - click on the View active link to open the Edit [Page Name] page

Image Removed

To set a page as a Privacy Policy page, go to Content → Pages and select/create a page. Make use of the Set up as Privacy Policy page toggle.

If toggle Set up as Privacy Policy page is on, then the Privacy Policy Version text-field appears. The following is important when setting up the version of the PP:

  • the number is unique within a store view (e.g. the same set of rules in different languages is considered to be the same PP version).
  • If the version is not set, the extension does not track it’s uniqueness: there can be multiple PP assigned to the same store view without any version number.

  • the number can consist of letters, numbers, dots, commas, underscores and hyphens.

Note

There can be only one active Privacy Policy page per store view.

On an attempt to set a cms page as a PP page for the given store view, an error is displayed “Can’t save privacy policy page with this version. Please specify another version that is unique for this store view.“ Saving a PP page is not possible when there already exists a version for the same store view.

Same applies to the situation when there is already a page set for a whole website and the Admin wants to set the PP page for a store view within this website. In this case, for a given store view, the Admin needs to specify a new version.

Note

Having saved a Privacy Policy CMS page, its heading, version and content could no longer be deleted or edited, unless the page is set as Current in Store config. All other options (meta fields, layout, etc) can be edited.

Note

Privacy Policy CMS pages can not be reverted to ordinary CMS pages

The Admin can change Privacy Policy if need be and then track which Privacy Policy version customers agreed to. This eCommerce behaviour is required by the law.

To change the Privacy Policy, the Admin creates a new page and sets it up as the Privacy Policy page with a unique version. Privacy Policy versions can not be changed after saving, thereby every new version requires a new page. Old pages of PP are kept as read-only copies. At times, the Admin needs to reset the consents, if changes to the PP require it.

Image Removed

Data Access Requests

As soon as data access requests are verified by email they appear in the Data Access Requests grid for further processing by the Admin. Go to Customers > GDPR by Aheadworks > Data Access Requests to find the grid. 

The Data Access Requests grid includes the following columns:

  • Customer ID - ID of a customer;
  • Name - customer's name;
  • Email - customer's email;
  • Status - request status. Available options include: Pending, Processing, Completed, Canceled;
  • Created At - date and time of the request submission;
  • Resolved At - resolution date and time;
  • Actions - the column contains an active link, which allows Magento admins to change the status of a request or download customer information in the PDF (human-readable) and XML (machine-readable) file formats.

Image Removed

Info

The above formats, in fact, are intended for different purposes and exercise two different GDPR rights. PDF allows customers to access their personal information, while XML allows customers to make data portable and transfer it to other solutions or applications.

In addition to the Actions column, request statuses can be changed massively using the Actions box.

Developer Notes: Data Export

...

width100%

Export of the Data Stored in Third-party Applications

  • Add the following code lines to the etc/di.xml file:
Panel
borderWidth2px
borderStylesolid
<type name="Aheadworks\Gdpr\Model\Service\CustomerDataCollector">
        <arguments>
            <argument name="dataCollectors" xsi:type="array">
                <item name="your_module_data" xsi:type="array">
                    <item name="module" xsi:type="string">Vendor_YourModule</item>
                    <item name="collector" xsi:type="string">
                           Aheadworks\Gdpr\Model\Service\CustomerDataCollector\YourModuleDataCollector
                    </item>
                    <item name="position" xsi:type="number">150</item>
                </item>
            </argument>
        </arguments>
</type>
<virtualType name="Aheadworks\Gdpr\Model\Service\CustomerDataCollector\YourModuleDataCollector" type="Aheadworks\Gdpr\Model\Service\CustomerDataCollector\DataCollector">
        <arguments>
            <argument name="title" xsi:type="string">Your Module Information</argument>
            <argument name="dataProcessor" xsi:type="string">
                   Vendor\YourModule\Model\YourModuleDataProcessor
            </argument>
        </arguments>
</virtualType>
  • And create the data processing Vendor\YourModule\Model\YourModuleDataProcessor.php file as follows:
Panel
borderWidth2px
width50%
borderStylesolid
<?php
namespace Vendor\YourModule\Model;

use Aheadworks\Gdpr\Model\Service\CustomerDataCollector\DataProcessorInterface;
use Magento\Customer\Api\Data\CustomerInterface;

/**
 * Class YourModuleDataProcessor
 * @package Vendor\YourModule\Model
 */
class YourModuleDataProcessor implements DataProcessorInterface
{   
    /**
     * Get your module data
     *
     * @param CustomerInterface $customer
     * @param int|null $storeId
     * @return array
     */
    public function getData($customer, $storeId)
    {
        return [
            'test' => 'Message',
            'items' => [
                'item_1' => 'Item 1',
                'item_2' => 'Item 2',
                'item_3' => 'Item 3',
            ]
        ];
    }
}

Removal Requests

The same way customers may ask to delete own personal information, still, these requests are collected in the Removal Requests grid located under Customers > GDPR by Aheadworks > Removal Requests. The grid has absolutely the same columns as the previous one. The only difference is that the Actions column in the grid only allows Magento admins to manage request statuses. The same actions can be performed massively from the Actions box above the grid.

Once the customer's data removal request has been approved, his/her personal data is erased from the store. The data includes the customer's ID, Name, and Email.

Image Removed

Consent Relevance

On receipt of a request to delete the data of the Customer, the Admin refers to the Consent Relevance page. The Consent Relevance grid contains a list of all customers, including the guest ones. The grid allows the Admin to anonymize customer data in one click. Additionally, on this page, the Admin can track and manage the consent statuses of the customers. 

The Consent Relevance grid is located in Customers > GDPR by Aheadworks > Consent Relevance. The grid contains the following columns:

  • Customer ID, Name, Email - the ID, name and email of the customer
  • Website - the store-view where the Customer clicked to agree to the privacy policy rules
  • Latest Consent Date - the date and time of the latest consent as signed by the Customer
  • Relevant Consent - the status of the consent considered to be relevant or not. Includes two options: Yes and No
  • Actions - click on the Select selector and apply the Erase Customer action to erase the personal data of the Customer.

Image Removed

Note

The customer whose data is erased gets anonymized. This means that his/her personal data in the grid is now hidden behind asterisks in the ID, Name, and Email columns, correspondingly. However, his/her orders remain recorded in the store's database, though marked as guest-orders. These orders can be stored for a period determined by a local law.

To massively anonymize customer data, in addition to the Active column, the Admin can also use the Actions box above the grid.

Note

Note that in M2 GDPR version 1.1.0 customers' data are not displayed in the Consent Relevance grid in the following cases:

  1. Guest-customers leave their consent either via the Newsletter or Contact Us form.
  2. A customer is registered, but there is no record about his/her consent in the system. As a guest, the registered customer subscribes to the newsletter, or creates a ticket via the Contact Us form, or creates an order and gives his consent. 

The Consent Relevance page also includes the Reset Consent button, which resets all eligible consent statuses to 'No'. This is the case when the Admin may need to collect consents once again. If all the consents are reset, all the customers have to provide their consents once again.

Developer Notes: Data Deleting

...

width100%

Deleting data from Third-party Applications

In case if the data in the third-party application and Magento customer table are connected (Foreign Key), you don't need to do anything at all, as soon as the data is going to be deleted automatically (recommended). Otherwise, you need to add own "eraser" using the etc/di.xml file. The Eraser should use the Aheadworks\Gdpr\Model\Service\CustomerDataEraser\DataEraserInterface interface:

Panel
borderWidth2px
borderStylesolid
<type name="Aheadworks\Gdpr\Model\Service\CustomerDataEraser">
        <arguments>
            <argument name="dataErasers" xsi:type="array">
                <item name="Vendor_YourModule" xsi:type="string">Vendor\YourModule\Model\YourModuleEraser
                </item>                
            </argument>
        </arguments>
</type>

You can also use the following events:

Panel
borderWidth2px
width50%
borderStylesolid
"aw_gdpr_customer_data_delete_before", params: customer_id
"aw_gdpr_guest_data_delete_after", params: customer_id
"aw_gdpr_guest_data_delete_before", params: email, store_ids
"aw_gdpr_guest_data_delete_after", params: email, store_ids

Uninstalling Magento 2 GDPR

...

width50%

Manual Removal

...

borderWidth2px
borderStylesolid

1. Disable the module by executing the following commands:

No Format
php bin/magento module:disable Aheadworks_Gdpr
php bin/magento setup:upgrade

...

borderWidth2px
borderStylesolid

2. Remove the extension files from the following folder:

No Format
app/code/Aheadworks/Gdpr

...

width50%

Automatic Removal (via Composer)

...

borderWidth2px
borderStylesolid

1. Disable the module by executing the following commands:

No Format
php bin/magento module:uninstall Aheadworks_Gdpr

...

Warning

For more information follow the product user manual on our website


Product Page

Thank you for choosing Aheadworks!


Need Customization?

You can always find the latest version of the software, full documentation, demos, screenshots, and reviews on http://aheadworks.com
License agreement: https://aheadworks.com/end-user-license-agreement
Contact Us: https://aheadworks.com/contact
Copyright © 2021 Aheadworks Co. http://www.aheadworks.com