This extension fullfill the GDPR requirements for Magento 2.
Magento 2 Open Source or Commerce edition is required.
Run the following composer command:
composer require opengento/module-gdpr
Run the following magento command:
bin/magento setup:upgrade
If you are in production mode, do not forget to recompile and redeploy the static resources.
Users, guest and customer can:
-
Art. 16 GDPR Edit their personal data (native in vanilla)
-
- Customers can use their 'right to be forgotten'. Account deletion and anonymization can be done in 'My Account > Privacy Settings'. The password is required to ensure the customer legibility. The account will be erased within 1 hour, or as specified in configuration. The customer can undo the action in this time span.
- Guest users can use their 'right to be forgotten'. Account deletion and anonymization can be done in the order view, they must fill the guest form first to show their order. The data will be erased within 1 hour, or as specified in the configuration. The guest can undo the action is this time spare.
- The customers and guests will be erased after a configurable idle time.
- The sales information are locked within a configurable time. These information are automatically erased after this period.
As a merchant you can easily manage which type of entity must to be delete or anonymize. In the last case, the module allows to define which attribute must to be anonymize, and how it is.
Times are configurable too, you can define the period of cancellation for the erasure, the idle time for the users before they are erase, and the sales information lifetime.
- Art. 20 GDPR
- Customers can export their data in
.zip
archive containing file,.html
(many others are available), with personal data. Personal data export can be done in 'My Account > Privacy Settings'. - Guest users can export their data in
.zip
archive containing file,.html
(many others are available), with personal data. Personal data export can be done in the order view, they must fill the guest form first to show their order.
- Customers can export their data in
- Cookie Policy in a disclosure popup are shown at the first time customer visit.
Details:
- Erasure: delete or anonymize specific data thanks to configurable settings in admin ui.
- Configure which order can be erased, regarding their state and life time.
- Privacy data will be automatically erased after a delay.
- Sales data are safely keeped till the preservation delay expired.
- Choose the file name and the format of your choice for the privacy data export.
- Choose which data is interpreted as privacy data and will be exported.
- Actions related to the GDPR compliance are reported in the admin ui.
- Merchants can execute and keep an eye on the performed actions from the admin ui.
- Choose the CMS static block to show on the storefront by scope and features.
- Enable or disable features for the storefront.
- Notify the user when a GDPR action is performed, configure the template and sending settings.
- Display the cookie disclosure pop-in and edit its content as you want.
The configuration for this module is available in 'Stores > Configuration > GDPR Compliance'.
The documentation is available here.
Raise a new request to the issue tracker.
This project is licensed under the MIT License - see the LICENSE details.
That's all folks!