Magento 2 GDPR Compliance: Anonymisation of order data

Rating:
96% of 100
£155.99 £129.99
Compatible with Magento 2 community and enterprise 2.3.3 - 2.4.x including cloud edition
Make your store GDPR compliance with a single extension !! Magento 2 GDPR extension makes your Magento 2 store GDPR(General Data Protection Regulation) compliance effortlessly. This module implements cookie notification, full customer data export, customer data deletion along with anonymization of sales data of your store.
  • Delete & Anonymize Customer Account
  • Cookie Notification Message / Restriction Notice
  • Add the customizable cookie policy bar
  • Manage customer consents
Magento Best Extension Winner 2018

Free Support

up to 60 days

Free Upgrades

up to 1 year

Fully open source

 

5 Great add-on and service
We are happy with the module and especially the service, we bought this module with installation and these guys installed everything within 2 hours, excellent service!
4.7 Great features and support
Checked quite few modules before buying this one, asked these guys dozen of questions which they answered patiently so last week I went and bought this module and I am not disappointed at all because of the number of features they have built. Their customer service is great as well because they instantly provided us development license key for our staging environment. Overrall great customer experience. Price could be cheapear so 4 stars for that :-)
4.7 Great module and service
Great service, we have just upgraded to the latest version of the extension and they have added privacy policy consent feature which we were thinking to buy another extension. Great value for money!
5 Excellent support!
Simply great and responsive support. Definitely recommend Shivani and team to others. We asked for license keys for dev domains and it was provided straight away.
5 Simple to install and configure
Great features with simple to install and configure, customer service and their documentation is amazing. So 5 stars all around, thumbs up :-)
5 Perfect module for us!
This module seems to cover all aspects of EU Law GDPR regulation. Happy with the module and service provided by Scommerce Mage team.
4.7 Excellent Customer Service
We are digital agency in UK and have been buying this extension for all our European clients. We already know that this extension has great features but this review is specifically for great customer service which we get every time we buy any module from this website. Great work SCommerce team!
5 Great support
This extension provides what we need for our GDPR requirement. Scommerce team is very responsive. Overall great experience!
4.3 Peace of mind!
We have customers in UK and Europe so this extension definitely give us peace of mind because it has all the good features to cover website aspects of GDPR requirements. Quite happy with the overall service provided by the extension developer!
5 Well written extension
Great features and easy to customise for developers! Support team has good knowledge of Magento 2.
4.3 Excellent support!
Quick response and excellent support! Very good plugin for GDPR. Ignore using the plugins from large companies like Amasty/Mageplaza which started subscriptions to cheat the people, start using the plugins from small vendors.
Composer Package name:
scommerce/gdpr2
Latest Version:
1.1.6

Product description

Supports Individual Rights: GDPR Extension for Magento 2

Compatible with Magento 2 community and enterprise 2.3.3 - 2.4.x including cloud edition

The extension will add all the essential tools and features that help your store achieve GDPR(general data protection regulation) compliance. It supports cookie compliance, complete set of customer data export and customer data deletion along with anonymization of the transaction data

Protect Your Data with Magento 2 GDPR Extension

Running a safe and protected online store can be incredibly easy. If you are looking for a quick solution to ensure data protection on your online store, then we can help you out.

All You Need to Know About GDPR Extension for Magento 2

Anonymize sales on your online store using the GDPR extension for Magento 2 designed by professional developers. With a detailed description of the functionality and main features, you can start implementing all data regulations to keep your customers’ data safe.

GDPR banner

Why You Need GDPR?

GDPR refers to the General Data Protection legislation passed by the EU in 2018. This detailed set of rules controls the way customer data is used, processed, and stored by all businesses in the EU. There are three main modules in the GDPR legislation, including:

  • Right to be Informed: Let your customers know how their data will be used.
  • Right to be Forgotten: Allow customers to delete all their personal information from your company database.
  • Right of Access: Give complete access to customers to view what data is collected and through which mediums.

Implementing GDPR on your store is essential since it allows businesses to have a transparent data collection policy. Additionally, your customers will feel safe when entering their personal details on your website. Not only can GDPR compliance improve your sales revenue, but it can also help form a credible brand image with your target audience.

What is Magento 2 GDPR Extension?

Since Magento 2 does not allow for complete GDPR reliance on its own, it can be difficult for businesses to manually enable these settings. Fortunately, you can use the Magento 2 GDPR Extension by Scommerce Mage. With a single extension, you can effortlessly make your store GDPR compliant. Here are a few ways that the Magento 2 GDPR extension can benefit your online store:

  • Cookie Notifications for All Users
  • Anonymize Details of Customer Accounts
  • Automated Deletion of Inactive Accounts
  • Customizable Data Collection Bar for New Users
  • Receive and Manage Customer Consent

Magento 2 GDPR Extension: Functionality

If you start using the Magento 2 GDPR extension on your store, then you can easily comply to all the regulations. Here’s how the Magento 2 GDPR modules are implemented using the Scommerce Mage extension:

  1. Right to be Informed – Cookie Compliance:- Since customers need to be informed about your data collection policy, the GDPR extension helps you create a customized notification. This pop-up will appear as soon as a user opens your website, and they can either accept or deny data collection. If data collection is mandatory for your business, then you can make it mandatory for customers to accept the cookie collection policy before entering the site. Cookie Configuration with Magento 2 GDPR ExtensionWith the Scommerce Mage GDPR extension, you can customize the cookie notification according to the existing theme of your site. No need to change the backend code all over again – the notification can be customized through the extension itself. Once a customer accepts or rejects the cookie policy, you can save their choice throughout the browsing session.
  2. Right to be Informed – Privacy Policy:- Not all customers want to receive emails and messages from a business. If you want to contact a customer later, you must ask for their consent first. With the Scommerce Mage Magento 2 GDPR extension, you can record the subscription data and length for every customer automatically. You can ask for consent during a newsletter subscription, account registration, or at checkout. Administrators can control when the consent box would appear on the screen and edit the privacy policy according to their company.
  3. Right to be Forgotten – Data Deletion:- All customers should have the right to delete their account from your business database. The option to ‘delete account’ will always be available on the screen when our GDPR extension is enabled. Once a customer chooses to delete their account, an automated confirmation email will be sent to their registered address. The email contains a link through which the customer can easily delete transaction data, orders, invoice, and shipment details permanently. The Scommerce Mage GDPR extension also allows automatic data deletion after a specified retention period. This ensures that your business is GDPR compliant even if you forget to manually delete customer data. About Configuration SettingsScenario: “My Magento 2 online store does not delete customer data automatically. How can this extension help me?” To resolve this problem, you can enable our GDPR extension which automatically anonymizes all customer data from the database after a specified time period. For two-factor authentication, you can also enable the option to send a deletion link to the customer’s email address.
  4. Right of Access – Give Customers Data Portability:- Customers can contact the site admin to export all user-related data from the website. With our GDPR extension, it is easy to export user data from the Magento admin portal. Customers can click on a single button to export their data from the database including address, orders, payments, and subscriptions.

GDPR rights

Here are the main features of this module-:

Cookie Compliance / Right to be informed

  • It implements cookie compliance customized notification message on your website
  • The cookie notification appears as soon as user lands up on the website
  • The cookie notification can be optional or mandatory for customers to accept before accessing the website
  • It allows you to enable/disable cookie notification message from configuration
  • The text for the cookie notification is fully manageable from configuration
  • The extension provides options to manage text and background colour of the cookie notification message through extension configurations so that you can match the style to your site without changing code
  • The message is displayed at the top or bottom of the page which is configured through system configuration
  • The cookie choice saved as a cookie which can be further used to prevent calling third party trackings like Google Analytics, Google Remarketing, FB Remarketing etc.

Privacy Policy Consent / Right to be informed

  • It allows customers to give clear and concise consent at the time of newsletter subscription, contacting you, account registration and during checkout
  • It sets subscription date with all newsletter subscription because now you have to have information about who opted in and when with specific date and time
  • It records when, who and how the consent was given by the customer including their IP address before filling any personal data on your website
  • It allows administrators to look who, when and how the consent was given by the customer including guest customers
  • It allows administrator to control which forms they would like the consent checkbox to appear on the frontend
  • It allows administrator to change privacy text of the consent checkbox which appears on the frontend

Right to be forgotten

  • It provides registered user an option to delete their account including newsletter subscription, quote, order, invoice, shipment and credit memo data. The user gets delete option under my account section on front end. Admin can enable/disable this option from configurations.
  • It provides option to delete customers, newsletter subscription and anonymise transaction data to adminstrators
  • It allows administrators to send confirmation email to customers with the link to delete and anonymise their transaction data including order, invoice, credit memo and shipment
  • It allows administrators to anonymise transaction data manually which are older than the retention period. (New!)
  • It also allows to automatically anonymise transaction data which are older than the defined retention period in the system configuration.(New!)
  • It anonymises personal data which includes customer firstname, middlename, lastname, email address, remote IP address, phone, fax, region, street, city and postcode
  • The extension also allows you to set all the personal data in the Quotes to NULL through a cron job. You can easily manage the number of days after which data needs to be set to NULL from configurations

Right of access / Right of data portability

  • It allows administrators to export all customer data manually for a given customer. This meets the requirement of "right to access" and "right of portability" as under GDPR individuals will have full rights to ask for complete set of their personal data on your website. (New!)
  • It exports all the personal data from the system including customer, customer addresses, sales orders, sales order addresses, payment, quotes and newsletter(New!)

Other features

  • All the messages or texts appearing on frontend or backend can be translated easily to the language of website
  • It provides you full control over the email templates from admin panel exactly same as any other Magento email template
  • It fully supports sub-domains and multi-domain websites **
  • Its compatible with all the latest Magento 2 Enterprise and Community versions
  • This module can be completely disabled via system configuration in admin
Use our demo store to try out this extension. The demo store is refreshed every 3 hours.

Admin Demo URL

Cookie Pop Up

Cookies pop up is used to improve the experience for user by providing them all the infomation about the individual cookies used on the site. With the help of cookie pop up admin can maintain the categories for all the cookies generated on the website. It helps user to set cookie preferences for individual categories.

cookie popup

Here are the main features of this module-:

  • You can create/add cookie prefrences categories in back-end
  • It lets you select cookie pop up styling, modal border, header font color, background color etc..
  • You can add customized CSS.
  • You can manage the buttons style and the title, text, font color of the tabs.
  • You can manage the pop up styling from back-end
  • It allows you to choose whether cookie is required or not.
  • You can set the default values for cookies.
  • You will have an option to select all cookies or an individual cookie.
  • You can define categories and cookie choice at store level.
  • You can add cookie choice description
 

SCENARIO: 1

"My store has hundreds of tracking implemented through Google Tag Manager(GTM). Is there a way to associate tags with cookies? I want a certain tag or group of tags to only fire when the associated cookie is accepted by the customer. How can I achieve this using your extension?"

You can exactly achieve this using our extension. We often suggest our clients keep their trackings in one place as it makes it easier to implement this scenario. If all of your trackings are implemented through GTM then your work has been reduced by half. Simply go to Admin>Customers>Cookie Popup>Manage Cookie Choices and click on Add New Cookie Choice and create a new cookie. For instance, we have created the marketing_cookie in the image below. Remember the “cookie_name” as we are going to use it in the next steps. You may notice that whenever a user accepts a certain cookie on the frontend then the value of the cookie changes to “1” otherwise it remains”0”. You can verify it by going into your browser's inspector then network.Next, navigate to the GTM container of your store than from the left navigation go to variables and create a new variable with variable type as “1st party cookie” and variable name exactly as your cookie name. We will provide here ”marketing_cookie”. Now we will go to all the tags that are related to marketing and provide an extra condition for their triggers. The tag should trigger upon a certain event and when the value of marketing_cookie is “1” i.e the cookie is accepted by the user. In a similar way, you can segregate and control tags so that they only fire when the user has accepted the respective cookies from the frontend.

GDPR scenario 1

SCENARIO: 2

"I have been working on my store to make it GDPR compliant and in the process, I have noticed that my Magento 2 store doesn't have the option to delete the personal data of a customer. Does your extension include this feature? Also, I want to provide customers a link to delete their data. Would it be possible to achieve this using your extension?"

As you rightly said Magento 2 does not allow us to delete the personal data of a customer by default. However, GDPR guidelines require us to delete all personal data of a customer upon request. Our Magento 2 GDPR extension integrates this feature on your store so you will now have the option to delete the personal information of customers from your Magento 2 store. It also provides you the option to send a link to the customers using which they can delete or anonymize their personal data fulfilling the necessary GDPR requirements. To send the deletion link or delete a customer's personal data to go to Admin>Customers>All Customers select the customer and click Edit from the Action column. Here, you should see various new options being added on the top navigation including Delete Personal Data(deletes personal information of the customer), Send Deletion Link to Customer(sends a link to the customer using which they can delete or anonymize their personal data), and Export GDPR Data(gives you a CSV file with all the personal data of that respective customer).

GDPR scenario 2

Click here to know more about it.


We provide 60 days free support and 12 months of free upgrade from the date of purchase for any standard Magento site. Installation service is also available with a minimal charge of £70 for any standard Magento Site. Additionally, you can buy our 12 months free premium support and free lifetime upgrade for just £70. If you need any help with this extension or you want to enhance this extension to meet your business needs, please contact and we will get in touch with you within 48 hours. And if we like your idea we might do the solution at a discounted rate or for free.


** Please refer to our FAQ or T&C section for running our extensions on multiple domains or sub-domains

FAQ

Q: What is GDPR?
Q: What happens when customer "declines" or "accepts" third party cookies from cookie notification message?
A: It creates first-party cookie i.e. "cookie_accepted" and set the value to 1 when customer "accepts" and 0 when cutomer "declines". If you are using any of our tracking extensions then they all come with the option to stop sending info to third parties like Google when third party cookie usage has been declined by the customer. But if you are using third party tracking extension then they need to check for cookie name "cookie_accepted" and this will be set to 1 for "accept" and 0 for "decline"

Here is the function which will force your tracking not to run unless the cookie has been accepted by the customer from cookie notification message

     /**
     * Check if the third-party cookie has been accepted or not
     *
     * @return bool
     */
     protected function hasCookie()
     {
          $cookieKey = 'cookie_accepted';
          $cookie = (string)Mage::getModel('core/cookie')->get($cookieKey);
          return ($cookie=="1" ? true : false);
     }

Here is the function which will turn off your tracking only when customer declines from cookie notification message

     /**
     * Check if the third-party cookie has been accepted or not
     *
     * @return bool
     */
     protected function hasCookie()
     {
          $cookieKey = 'cookie_accepted';
          $cookie = (string)Mage::getModel('core/cookie')->get($cookieKey);
          return ($cookie=="0" ? false : true);
     }

N.B - You don't need to do anything with your trackings if you are not sending Personal Identified Information (PII) because GDPR only applies to personal data not transaction or catalogue data
Q: I am using GTM for all my trackings, can I control certain tags to get fired only when customer has accepted the cookie?
A: Yes of course, please follow the below steps in GTM -:
  1. Step 1 - Create a new variable named "acceptance_cookie", variable type should be 1st-Party cookie and give the name of the cookie as "cookie_accepted"

  2. Step 2 - Create a new trigger named "Acceptance Cookie", trigger type could be anything like GTM.DOM, Pageview, Custom Event etc. and based on the trigger type choose some custom events or some pageview and add the following condition

    - From first dropdown - select variable name created in Step 1 i.e. "acceptance_cookie"
    - From second dropdown - select equals
    - Third Input box - put value 1

  3. Step 3 - Associate the trigger created in Step 2 ie.. "Acceptance Cookie" with any existing tag and that tag will ony fire when customer accepts the cookie on your website
Q: Does this extension make my company fully GDPR compliant?
A: This extension is going to support towards compliance, it targets mainly around few main requirements "cookie notification", "privacy consent", "right to erasure","right to be informed","right of data portability" and "right of access" but just installing this extension is not going to make your company fully compliant. To be precise it is not just implementing technical elements on your website. It is a disciple which is around making sure the personal data (for example email address, phone number, name, addresss, medical info etc.) which is stored in your data centre in any format or the personal data that you are sharing with third parties is secure. For more information Click here to know more about GDPR.
Q: If someone puts items into a cart and does provide personal information, but finally does NOT order, the customer is not registered as a customer but that data is still somewhere in the system - does this module also delete this data ?
A: Yes we are running a cron job which clears personal data from cart / quote table automatically after set number of days which you can configure in admin, by default it is set to 30 days.
Q: Can my customer change their cookie preference?
A: Yes they can change their cookie preference by clicking on the cookie preference link from the header
Q: How often the cron job runs to anonymise order data automatically?
A: It runs every 1 hour to anonymise order data automatically

Q: Can I anonymise order data for guest customers?
A: Yes you can anonymise orders for guest customers from sale order screen using "Anonymise order" action. Please click here to see the screenshot
Q: As an adminstrator what all things I can perform and set up from Magento admin panel?
Here is the list of things you can do as an administrator -:
    1. Cookie Notification Message and other configurations – You can manage from Admin -> Stores -> Configuration -> Scommerce Configuration-> GDPR

    1. Order anonymisation – This can be achieved either by clicking “Delete personal data” button from Customers -> All Customers or from Sales -> Orders -> Actions drop down (Anonymise Orders)

    1. Send delete link to customer – This can be achieved by clicking “Send deletion link to customer” button from Customers -> All Customers

    1. Export customer data - This can be achieved by clicking “Export GDPR data” button from Customers -> All Customers
Q: Where can I create and add new cookies to the cookie popup?
A: To create and add a new cookie to the cookie popup go to Admin>Customers>Cookie popup>Manage Cookie Choices and click on Add New Cookie Choice. Enter the values in the fields as in the example shown below, save and you are done. GDPR manage cookie choices
Q: Is there a screen in the admin panel where I can view the details of the customers who have given consent to our privacy policy?
A: Yes, you can view several details of the users in the admin panel who have agreed to the privacy policy consent during registration. Go to Admin>Customers>Privacy Policy Consents. There are several details shown in the grid such as email, source, ip etc. GDPR privacy policy consent
Q: Where can I delete the personal data of customers on the admin panel?
A: Personal data can be deleted from Admin -> Customers -> All customers section by edit a customer. From the top section you can click on "delete personal data" as shown in the screenshot below to delete personal data. Please note: personal data we will not delete customer account but will anonymise all the sensitive data of the given customer GDPR delete personal data
Q: Will my store become fully GDPR compliant if I use your extension?
A: Although this extension can make your Magento 2 store GDPR compliant to a certain extension, you can never be sure. As GDPR compliance is a discipline that needs to be exercised according to the specifications and functionality of each store. So make sure all the other feature of your store are in line with the GDPR guidelines.
Q: Do I get privacy policy consent checkbox on all the forms. Also, how can I add privacy policy consent on custom forms?
A: As every store is different, the number of forms can vary from store to store. However, our extension out of the box adds a privacy policy consent checkbox on four major forms of the store. These forms include Order, Registration, Contact Us, and Newsletter. These forms are most commonly used in almost all stores. However, if you want to add the consent checkbox on a custom form then you just need to add the piece of code shown below:-
 
Q: Is there a grid in the admin panel where I can see the details of the people who have accepted privacy policy consent?
A: Yes, there is a detailed grid in the admin panel that shows all the details of people who have accepted the privacy policy consent. It includes details such as email, website, source, ip, date, etc. Please refer to the image below:-GDPR privacy policy consent

Q. How can I get license key for my development website?
A. If you want to get the license key for the developer website, please contact our team at core@scommerce-mage.com along with order number and development site URL. The developer website can be on a separate Magento installation than your base domain for which the license was purchased
Q. Can I test the extension before buying?
A. Unfortunately we can't provide you extension for testing purposes but we have demo available for most of our extensions and happy to provide full refund if the extension doesn't work
Q. Can I request for customisation on your extensions?
A. Yes we do provide all sort of customisation for our clients at the reasonable rates. And if we believe the customisation will help our product then we also provide great discount on the customisation
Q. I have two live domains, do I need a separate license key for each live domain?
A. Yes you need to buy a separate license key for each live domain (www.site.com) or sub-domain (de.site.com) or subfolder (www.site.com/de). If you are buying licenses for more than four live sites in one transaction then we can offer you 30% discount on total amount
Q. How can I upgrade my extension to the latest version?
A. If your extension is within the free upgrade period (12 months from purchased date) then simply email us with your order number and our team will send you the latest version of the extension but if it is outside free upgrade period then you need to buy an upgrade using the following link
https://www.scommerce-mage.com/magento-extension-installation-service.html

Once you received the latest version of our extension then we would highly recommend to delete all the files and folder of our extension from your website first before uploading the latest version because we might have removed existing files and keeping existing files could cause problems on your website.
Q. Does my license get expired after certain period?
A. No, your license is not going to get expired but we would highly recommend upgrading to get all the latest fixes (including security fixes if any), improvements and new features. In the upgrade, we also ensure it is compatible with the latest version of Magento and when you upgrade you will have a smooth transition.

Change Log

Version 1.1.6
2022-10-27 07:53:22
PHP 8 support added, along with making sure guest users can save cookie preferences without logged in. Applied the same for data layers when GTM is getting used instead of cookies.
Version 1.1.5
2022-09-29 06:06:00
Removed ajax refresh after cookie accept
Version 1.1.4
2022-09-27 14:05:56
Page refresh removed Enabling GTM or FB snippets when responsible cookie is accepted
Version 1.1.3
2022-05-31 09:56:30
Fixed issue related to cookie message not appearing on mobile devices
Version 1.1.2
2022-03-31 16:11:24
Fixed minor bug related to cookie popup not showing unless you click cookie preference multiple times
Version 1.1.1
2021-11-19 13:04:49
Made it compatible with PHP version 7.4
Version 1.1.0
2021-10-25 18:29:48
Changed code to remove quote immediately instead of keeping the quote and anonymising it. Changed style of "Accept" button on the frontend to look more prominent for customers. Also allows cookie policy link to be anywhere in the message instead of at the end.
Version 1.0.14
2021-08-04 11:38:50
Fixed cookie setting link which was throwing 404 error on all other pages than homepage
Version 1.0.13
2021-07-12 10:47:52
Instead of using knockout to render cookie popup message, we are using pure PHP rendering to improve performance. Also removed choice.min.js file as it was redundant file and could cause issue in production mode.
Version 1.0.12
2021-01-11 11:45:25
Added PHP 7.4 support to the module
Version 1.0.11
2020-09-30 13:05:10
Fixed Cookie choices issue
Version 1.0.10
2020-03-20 12:17:06
iPhone styling fix, removed return true from license key check and change license from GPL to Commercial. Removed extra dependencies, added PHP 7.3 support and core is not using wildcard asterisk
Version 1.0.9
2019-12-30 12:06:20
Fixed minor issues
Show More
Show Less

Reviews 11

Write Your Own Review
Write a Review
You may also like