How to prepare Magento 2 store for GDPR?

Are you working with EU customers and processing their personal data? Are you already acquainted with GDPR? If not, it’s time to get acquainted, because it comes into force on May 25, 2018. If your e-store doesn’t comply with GDPR rules, it’ll be fined 10-20 million euros or up to 4% of global annual turnover.

What is GDPR?

In a few words, GDPR, or General Data Protection Regulation, is a new regulation in EU law on data protection and privacy relating to all individuals in the European Union. It concerns the exporting, keeping and processing of personal data outside the EU.

To be in line with the new law, every website struggles to keep up with a number of requirements on the way it manages private data. Having carefully scrutinized the law, we’ve put together a list of features which help online merchants prepare their stores for GDPR.

If you still haven’t done an analysis and don’t know exactly whether your website meets GDPR rules or not, simply pre-order the GDPR Compliance extension for Magento 2 to start GDPR preparations.

The GDPR Compliance extension for Magento 2

Today we are happy to announce the GDPR Compliance extension, which covers the most crucial points for all Magento 2 stores. With the extension, you can be sure that your store is GDPR compliant.

Main features

Add checkboxes on registration and checkout pages to get consent from customers

According to the GDPR, you have to be fully transparent with your customers when receiving their consent. So, does each checkbox apply to only one request for consent? Don’t forget to renew your privacy policy.

The extension allows you to request consent from customers to use their personal information on the registration and checkout pages. To be fully trustworthy with your customers, all checkboxes are unchecked by default and a link to the privacy policy page can be easily attached.

Allow customers to be forgotten

The GDPR requires that the full scope of a customer’s personal data be forgotten/deleted from the system at the user’s request, especially if the data is not used anymore.

With the GDPR Compliance extension you can easily remove users’ personal data from order history, invoices, fiscal documents and transactional data. The admin can choose from 3 ways of removing it:

1. replace personal data in order history, invoices, fiscal documents and transactions with fake data

2. delete customer accounts and personal data on request

3. let customers delete their accounts

Easily get consent from parents to process children’s personal data

If you offer online services directly to children, the law gives special protection to the data of children under 16. To keep and process their data, you need to get consent from their parents.

To comply with the law, we implemented a feature which verifies the age and obtains guardian consent for processing. By default, Magento has a birth date field; when a user’s age is under 16, the system blocks the user account until one of the parents confirms the processing of data by email.

Keep customers’ personal data encrypted

GDPR refers to pseudonymization, which transforms personal data in such a way that the data cannot be attributed to a particular person without the use of additional information. So, to get access to personal data, you need to use a special decryption key.

To make sure all personal data is secure and everything is recorded safely, the extension comes with data encryption. The extension allows you to fully anonymize customer data in the Customer, Sales and Quotes tables so that you can feel assured that you have met GDPR obligations.

Data portability and right to access

Under the GDPR, customers can request at any time to be provided with all personal information held about them, in a commonly used and machine-readable format. This is known as a subject access request. Businesses should respond to this request within a month.

To simplify the process, the extension makes it possible to export all customers’ personal data in CSV format. This means that you can import all personal data from the admin panel in CSV format. So, you can easily provide customers with access to their personal data.

Control the relevance of customers’ data

When keeping customers’ data, you have to check its relevance and change it if it is inaccurate. When a customer changes the information you hold on them, you must stop contacting the individual using the previously provided details.

The extension lets you set how often requests to update data will be sent to customers. That helps you take the initiative in keeping information up to date. Moreover, you specify the setting once and don’t have to think about it anymore.

The extension will be released in the store on 10th May. If you don’t want to lose time and want to prepare your store for the GDPR law in advance, pre-order the GDPR Compliance extension now. The extension is compatible with Magento 2.1 and 2.2.

If you have ideas for features or need someone to prepare your store for GDPR, don’t hesitate to contact us.


© Extait, 2019