GDPR for Magento 2 extension helps store owners comply with GDPR without manual code changes. By allowing customers to request Magento owners to delete or anonymize their accounts and information, this module gives customers the rights to be forgotten as GDPR requires. Therefore, customers have their own rights to decide what to do and how to do with their data on Magento stores. This also increases data safety for customers purchasing on the stores.
2. How Does It Work?
Please go to Account Dashboard ⇒ GDPR ⇒ Configuration to start settings.
In Enabled: Choose Yes to enable the module or choose No to disable it.
In Account Data Access Page Title: choose a suitable title for the Account Data Access Page. This page is included in My Account.
In Account Data Access Page Content: customize your content in this page to tell customers more information about deleting and anonymizing accounts or any information you want to let customers know.
In Auto Accept Request:
+ Choose Yes to allow automatically accepting customer requests.
+ Choose No if you don’t want to automatically accept requests. In this case, customer requests are displayed in a management grid table view and admin can manually accept, reject or even delete those requests.
Please navigate to Account Dashboard ⇒ GDPR ⇒ Request Management:
New customer requests are displayed in this management grid table and have status of Pending. You can select each request or multiple requests to take actions at once. Click Action box, you can see Delete and Change Status actions which include Accept and Reject.
- Delete: you use it to remove customer requests from the management grid table.
- Accept: you use it to accept customer requests (delete account or anonymize account). Then, statuses of accepted requests are changed to Accept.
- Reject: you use it to reject customer requests, but these rejected requests are still shown in the grid table with status as Reject.
Furthermore, when you choose No for the Auto Accept Request field, you need to configure notifications for customers and admin information as well as admin email.
In Notification When Customer Requests to Anonymize Account and Notification When Customer Requests to Delete Account: add suitable notifications for customers when they make requests. For example:
These notifications let customers know that their requests are sent to admin and will be soon processed.
In Maximum Number of Requests Each Account Can Make: Enter a number that specifies how many times customers can send requests. In case the number of customer requests exceeds this figure set up in the backend, a message will be displayed in customer account to notify them.
In Admin Email: enter the admin email which receives notifications of new requests.
In Admin Name: enter the wanted admin name to be called in the admin notification email.
In Admin Notification Email Template: choose an email template to send to admin and notify about new requests customers have sent.
*Note: In case you choose Yes for the Auto Accept Request field, admin don’t receive admin notification email.
In Customer Anonymization Email Template: choose an email template to send to customers and notify about their new anonymous accounts.
In Customer Request Rejection Email Template: choose an email template to send to customers and notify about rejected requests by admin.
In Customer Deleting Email Template: choose an email template to send to customers and notify that their accounts are deleted.
- These templates are easily customized in Marketing ⇒ Communications ⇒ Email Templates.
- For customer reviews, customer names are displayed as anonymous in the frontend and customer data is saved as guests after anonymizing.
All created Privacy Policies are listed in the grid table to manage easily: