GDPR Support - Magento 2
This Magento 2 extension adds GDPR compliance support to Magento 2 stores:
- Allows customers to delete their account
- Allows customers to export all their data including their personal information, addresses, quotes, wishlist, reviews
- Adds a cookie notification bar requesting ‘express consent’ from your website visitors
Compatibility (CE & EE): 2.1.x, 2.2.x, 2.3.x
- Quality Code
- Free Installation
- Lifetime Free Support
- Quick Response
Overview - GDPR Support Magento 2 Extension
GDPR stands for General Data Protection Regulation. It’s the EU’s new data protection legislation. The main objective of GDPR is to give individuals back control of their personal data. This rule doesn't apply only to merchants from Europe; it applies to all merchants who deal with the personal data of European citizens.
We developed this extension to add some key features to the Magento store in order to comply with GDPR.
- Customer can delete their account: The customer can initiate the account deletion process by clicking the "Delete My Account" button in the "Account Information" section of their account. Once the button is clicked, the customer receives an email with a link to permanently delete the account. As soon as the link is clicked, the customer is deleted from the database completely if they have not placed an order on the store; otherwise all their data is anonymized.
- Customer can export their data: The customer can initiate the data export process by clicking the "Export My Data" button in the "Account Information" section of their account. Once the button is clicked, the customer receives a ZIP file by email containing individual CSV files for the following data:
- a) Personal Information
- b) Addresses
- c) Wishlist
- d) Quotes
- e) Reviews
- Customer email verification: If a customer updates the email address on their account, the email address is changed only once they confirm the new email address.
- Cookie Notification Popup requesting ‘express consent’ from your website visitors upon entering your website.
What is unique about the extension?
We have taken particular care over security while developing all these features in order to avoid a data breach, which can be critical if it happens. The points below describe what this means:
- Account Deletion: We ask for the current password before accepting a deletion request, so that only authorized customers can generate the request. In addition, the account is not deleted immediately; instead, an email is sent to the customer with a URL to delete the account permanently as a final step. This ensures that only the customer can delete their account.
- Data Export: As with account deletion, we ask for the current password before accepting the request, and the data is not downloaded immediately. Instead, it is sent as a ZIP attachment to the customer's email address.
- Email Verification: If a customer tries to update the email address of their account, an email is sent to the customer to verify the new email address before the email address is changed.
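The two-step account deletion flow described above, as an added example in plain PHP (not the extension's own code): the current password is re-checked before a single-use, expiring confirmation token is issued for the emailed link. The class name, the one-hour lifetime, the array used as storage and the sample values are assumptions; the page does not say how the extension builds or validates its link.

```php
<?php
declare(strict_types=1);
// Hypothetical class; an array stands in for a database table.
final class DeletionRequests
{
    private array $pending = []; // customerId => ['hash' => ..., 'expires' => ...]
    private int $ttl;
    public function __construct(int $ttlSeconds = 3600) // assumed link lifetime
    {
        $this->ttl = $ttlSeconds;
    }

    // Step 1: re-check the current password, then issue a random token.
    public function request(int $customerId, string $password, string $storedHash, int $now): ?string
    {
        if (!password_verify($password, $storedHash)) {
            return null; // no email is sent without the current password
        }
        $token = bin2hex(random_bytes(32));
        // Store only a hash, so a leaked table cannot be replayed as links.
        $this->pending[$customerId] = ['hash' => hash('sha256', $token), 'expires' => $now + $this->ttl];
        return $token; // placed only in the emailed URL
    }

    // Step 2: the emailed link was opened. True means "proceed with deletion".
    public function confirm(int $customerId, string $token, int $now): bool
    {
        $entry = $this->pending[$customerId] ?? null;
        if ($entry === null || $now > $entry['expires']) {
            unset($this->pending[$customerId]);
            return false;
        }
        if (!hash_equals($entry['hash'], hash('sha256', $token))) {
            return false; // constant-time compare; the pending request stays valid
        }
        unset($this->pending[$customerId]); // single use
        return true;
    }
}

// Constructed sample values.
$stored = password_hash('correct horse', PASSWORD_DEFAULT);
$requests = new DeletionRequests();
$now = 1700000000;
var_dump($requests->request(42, 'wrong password', $stored, $now)); // wrong password
$token = $requests->request(42, 'correct horse', $stored, $now);
var_dump($requests->confirm(42, str_repeat('0', 64), $now + 60)); // guessed token
var_dump($requests->confirm(42, $token, $now + 60));              // genuine link
var_dump($requests->confirm(42, $token, $now + 120));             // link reused
```

A failed guess leaves the pending request in place, so a third party cannot cancel the customer's deletion link by submitting junk tokens.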