Magento GDPR Extension

version #1.4.3
6 Review(s)

The Magento GDPR extension is aimed at making your website ready for the General Data Protection Regulation (GDPR). It helps to protect the rights of both the merchants (data controllers) and Magento site visitors.

  • Ensures compliance with GDPR rules: the right to be informed, to erasure, to restrict processing, to object, to access personal data.
  • Visitors can use the Privacy Center dashboard to download or erase personal data, view Privacy Policy, Cookie Policy and contact Data Protection Officer.
  • Merchants can enable cookie consent notice, view download and erasure requests, manage customer consents and setup notifications.
  • CE: 1.6.x - 1.9.x
    EE: 1.12.x - 1.14.x
  • 100%
    Open Code
  • 60 Days
    Refund Policy
  • Free
    Lifetime Updates
  • CE: 1.6.x - 1.9.x
    EE: 1.12.x - 1.14.x
  • 100%
    Open Code
  • 60 Days
    Refund Policy
  • Free
    Lifetime Updates

Key Features of Magento GDPR Extension

This Magento plugin helps companies that do business in the European Union or offer goods or services directly to individuals in the EU to make their store compliant with major GDPR rules.

All-In-One GDPR Solution for Magento

  • GDPR Magento Extension introduces the Privacy Center Dashboard that was designed to display all GDPR options in one place.
  • Customers can view your Privacy Policy and Cookie Policy, contact the Data Protection Officer (DPO), Update their Email Preferences, Download Account Data and Delete their Accounts.
  • GDPR module integrates with your existing Privacy Policy, Cookie Policy and other CMS Pages and records a full history of changes (including document version, CMS page content, date and admin full name)

Download Customer Account Data

  • Customers can download an archive of their account data (customer information, addresses, full order history, reviews, price and stock alerts, products in cart, wishlist, compared products, etc)
  • Downloading customer information is a password-protected process that only customer will have access to. They will receive information in Spreadsheet (Excel, CSV) file format, which could allow another service to more easily import it.
  • Admin can keep track of all download requests from Magento backend.
  • Built-in API support allows you to download data from third party applications.

Permanently Delete & Anonymize Customer Account

  • Customers can request to permanently erase all personal information from your store. Accounts will be automatically deleted within 24 hours after the removal request was submitted.
  • Customers can cancel a removal request by logging in before the account is permanently deleted.
  • Admin can view full log of account removal requests from Magento backend and cancel them if necessary.
  • Built-in API support allows you to delete or anonymize data from third party applications.

Magento Cookie Restriction Notice

  • Display a Cookie Restriction Notice at your Magento store and conveniently edit notice text from the Magento configuration.
  • The users will have a choice of whether to opt-in or not. Cookies will be used only after the user clicks on “Accept Cookies” button.
  • GDPR module allows you to setup Google Tag Manager to prevent execution of your third party services before cookie consent is given.

Consent Management

  • Add your consent checkboxes (such as "I agree to the Privacy Policy" or "I agree to the TOS", etc) on the registration page, checkout page and newsletter subscription page directly from the backend. You can also add consent checkboxes manually using our developer's guide.
  • All customers who opted-in to to these policies can be tracked via Magento consent log. Log of customer consents includes following data: customer name, email, consent location, link to the policy page, document version, date, IP, etc.

Geo Targeting

  • Plumrocket GDPR now includes GeoIP functionality, allowing it to detect the country where your viewer is located and personalize the content for that viewer.
  • Store owners can enable Cookie Notice and Consent Checkboxes to European Union visitors only and disable them for the rest of the world. Admin can configure this feature for each country separately or for all at once.
  • Merchants who work with international clients will greatly benefit from the GeoIP restrictions in GDPR extension.

Popup and Email Notifications

  • Schedule popup notifications and display popup window to all customers upon successful login. Request customer consent to the updated versions of the "Privacy Policy", TOS, Cookie Policy or any other agreement.
  • Notify users by email when their account data was successfully downloaded or a removal request created.

Compatible with Custom & Third party Magento themes

  • Magento GDPR was designed to work flawlessly on any third party Magento theme. Whether it is your own custom theme or a popular theme like Ultimo, Shopper, Fortis, etc. – it supports them all.
  • Compatible with the latest Community and Enterprise Editions of Magento 2 Ecommerce Platform.

Magento GDPR Extension Overview

GDPR Module from Plumrocket is an all-in-one GDPR solution for Magento that comes with easy to use Privacy Center Dashboard and flexible admin settings to ensure the GDPR compliance of your store.

All Features:

  • Features for Customers
    • Privacy Center Dashboard
      • Magento GDPR extension adds a new section in the Magento Customer Account - “Privacy Center” with a list of GDPR options and Privacy FAQ.
      • In the Privacy Center dashboard, the customer can choose to view the Privacy Policy, Cookie Policy, contact the Data Protection Officer (DPO), Update Email Preferences, Download Account Data and Erase their Accounts.
    • Account Data Download
      • Customers can download their account data as per GDPR Articles 15 and 20 – “Right of access” and “Right to data portability”. The data will be provided in both human-readable and machine-readable format (Excel, CSV). Customers can later transmit their personal data to another controller (ecommerce store or another location).
    • Account Data Removal
      • Users can request to remove their personal data from your store. Article 17 of GDPR “Right to erasure (‘right to be forgotten’)” allows them to do so. Within 24 hours all personal data will be automatically deleted and anonymized if removal requests are not canceled by the Admin or a Customer.
      • Customers can cancel data removal requests when they sign-in into their account within 24 hours after the data removal request was submitted.
      • GDPR plugin will prevent customers with pending orders from deleting their account until all orders are completed or canceled.
      • All account removal requests and data download requests are password-protected to ensure the security of customer accounts.
    • Cookie Restriction Notice
      • As per “Recital 30” of GDPR, cookies “may be used to create profiles of the natural persons and identify them”, therefore the users must have a choice whether to opt-in or not.
      • With the Cookie Policy bar enabled, customers can choose whether to allow usage of all non-essential cookies. All essential cookies required for proper functioning of Magento store will continue to work. While all non-essential cookies, such as those used for analytics, cookies from advertisers or third parties, including affiliates and those that identify a user when he returns to the website will not be used until the consent is provided.
    • GDPR Consent & Opt-In
      • Customers can provide consent to the Privacy Policy, Cookie Policy or any other Policy on the account registration page, checkout page and newsletter subscription pages.
    • Popup and Email Notifications
      • Customers can be notified about any policy update via popup notification.
      • Transactional emails are used to notify customers about all account removal requests and data download requests.
  • Features for Merchants
    • General Configuration
      • Magento Admin can configure the Privacy Center Dashboard, Account Removal Settings, GDPR Email settings, Consent Checkboxes, Cookie Consent Notice and Google Tag Manager settings.
    • Account Data Download
      • The following data can be downloaded from the Customer Account in CSV file format - customer information, addresses, full order history, reviews, price and stock alerts, products in cart, wishlist, compared products, etc
      • Additional information can be exported from Magento using the provided API. Follow our developer’s guide if you need to include customer data from your third-party extensions in the downloadable ZIP archive.
      • Admin can track all account download requests via “Log of Account Data Downloads” in Magento Admin.
    • Account Data Removal
      • Magento order history will be anonymized and kept in database as “Guest Orders” for accounting purposes
      • By default, the GDPR extension will delete all personal data and anonymize Magento Orders. However, the provided GDPR API allows you to change default settings and anonymize all customer data instead of deleting it.
      • Admin can cancel all pending data removal requests directly from the “Log of Account Removal Requests”.
      • Admin can specify a custom Anonymization Key to be used during the anonymization process of customer data.
    • Cookie Restriction Notice
      • The extension uses the native Magento “Cookie Restriction Mode” functionality to display Cookie Restriction Notice Block.
      • Added functionality allows you to conveniently change the Notice text and Button label from the backend, as well as display a redesigned cookie bar in the bottom section of your site.
      • Google Tag Manager can be used to load all non-essential javascripts only after the explicit consent to allow cookies is provided by the visitor.
      • NEW! Use GeoIP Restrictions functionality to display Cookie Notice to visitors from EU countries only.
    • GDPR Consent & Opt-In
      • Article 7 of GDPR, “Conditions for consent”, requires that “the controller shall be able to demonstrate that the data subject has consented to processing of his or her personal data.” Therefore the Plumrocket GDPR extension allows admin to add custom consent checkboxes in multiple locations on Magento frontend and track all customer consents via “Log of Customer Consents” in the Magento backend.
      • NEW! Each Consent Checkbox can be separately configured to be displayed only to visitors from the European Union or any other country.
    • GDPR Settings in CMS Pages
      • Admin can continue using standard CMS Pages for Privacy Policy, Cookie Policy, Terms of Service or any other policy page.
      • GDPR functionality will be automatically integrated in all CMS pages and can be enabled for each page separately.
      • Admin can enable versions for specific CMS pages and view revision history.
      • Admin can enable versions for specific CMS pages and view revision history.Admin can enable popup notifications and notify customers about policy updates upon successful login. This is useful when asking customers to agree to the updated version of the "Privacy Policy", TOS, Cookie Policy or any other agreement.
    • Popup and Email Notifications
      • Admin can enable popup policy updates from CMS pages
      • Extension intercepts all login & registration attempts via Social Login (Facebook Login, Twitter Login, or other social networks) and displays Popup Notification requiring customers to agree before using the website.
      • Admin can configure GDPR Email settings from the configuration page. Choose email sender name, address and transactional email templates.
  • 100% open code Magento 1 extension

Magento GDPR Extension Reviews

Every customer will automatically receive a 100 reward points for each approved review. To submit your review please

Write a Review
  • Best GDPR extension and good support
    I'm using it on:,
    Fiorita Vittoria posted on June 07, 2019. Review for Magento 2.x
    Perfect fits GDPR needs, the extension didn't cause any problems after installation. Some fix needed, resolved in 3 days by Plumrocket team with ticket support.
  • Great and no issues
    I'm using it on:
    chris taylor posted on April 13, 2019. Review for Magento 2.x
    Only reason for a 4 star the price as always is a bit much with them.
    Only complaint about plum rocket is they seem lazy on maintaining extensions any times you will buy it and is out dated and needs fixing on their end, they do get it fixed within 3 or so days but instead of maintaining them they wait for clients to raise an issue.
  • Great GDPR extension
    I'm using it on:
    Jerome FC posted on February 07, 2019. Review for Magento 1.x
    I have installed GDPR extension and works like a charm. The plug in is very simple to use and it supports Ultimo and Porto themes
    Essential for the management and protection of European customer data
  • It is my favorite GDPR extension
    I'm using it on:
    Teodor Tihin posted on January 07, 2019. Review for Magento 2.x
    This is my second extension from Plumrocket and it works like a charm, like the first one.
    It is highly customizable and covers all my GDPR needs.
    I lost many hours in discovering until I found this.
    I recommend it!
  • Highly suggested
    Frankie Sutton posted on September 10, 2018. Review for Magento 1.x
    Since the General Data Protection Regulation has been implemented a couple of month ago, our company had to comply with it. This plugin is very good, simple and our customers from Europe are already using it for downloading personal data and other features.

    The user interface is very clear and it works just fine with our template. Like every other extension designed by Plumrocket this GDPR extension works incredibly. Thank you
  • Best GDPR extension
    Cary Craig posted on July 31, 2018. Review for Magento 1.x
    This is our first purchase from Plumrocket and I must say that we are impressed by this GDPR extension and the top-notch support they provided. The module works flawlessly out of the box and does all that it should. Now the process of managing customer data according to the new regulation law that has recently came into force will be much more easier.
Your honest feedback
helps other visitors
in selecting their products
earns you a $10 in rewards
for each submitted review!
Write a Review

Magento GDPR Extension FAQ

  • When does GDPR come into force?

    The General Data Protection Regulation (GDPR) comes into effect on May 25, 2018.

  • How do I know if General Data Protection Regulation (GDPR) is applicable to my business?

    GDPR applies to your business if your company does business in the European Union or offers goods or services directly to individuals in the EU. So, for example if your company is located in the USA and doing business or processing the data of any individuals within the EU, you must comply with GDPR.

    Here is the list of countries in the EU affected by this regulation:

    • Austria
    • Belgium
    • Bulgaria
    • Croatia
    • Republic of Cyprus
    • Czech Republic
    • Denmark
    • Estonia
    • Finland
    • France
    • Germany
    • Greece
    • Hungary
    • Ireland
    • Italy
    • Latvia
    • Lithuania
    • Luxembourg
    • Malta
    • Netherlands
    • Poland
    • Portugal
    • Romania
    • Slovakia
    • Slovenia
    • Spain
    • Sweden
    • United Kingdom
  • How do I make my Magento store fully GDPR compliant?

    Please review the following GDPR checklist to determine if your Magento store is fully GDPR compliant:

    • Install the Plumrocket GDPR extension for Magento
    • Map your data - establish what data your business collects and where. This may include any third-party extensions or services your company is using. 
      • Contact the third party services you are using to confirm that they are fully GDPR compliant
      • Contact vendors of the third-party extensions you are using, to ensure that their extensions are GDPR compliant. Ask them if their extensions record any personal customer data in your Magento database. If they collect any personal data, they may become GDPR compliant by integrating their plugins with Plumrocket GDPR Extension using the provided API. 
    • Update your Privacy Policy. Ensure your privacy policy is updated to address the GDPR. Describe what, why and how you collect and use personal information of your customers, how you protect it and how customers can contact you.
    • Make your consent process clear, specific and transparent. Use the built-in consent functionality of Plumrocket GDPR extension to ensure that all customer opt-ins are recorded in the consent log.
    • Update your Cookie Policy and enable Magento cookie notice. 
    • Name a Data Protection Officer (DPO). It is a good business practice to appoint someone responsible for data protection within your company. Specify the email of the DPO in Plumrocket GDPR extension settings.
    • Put security measures in place:
      • Ensure your website is using HTTPS.
      • Guard against data breaches.
      • Store and process the information you collect on computer systems with limited access, which are located in controlled facilities. Ensure that your webhosting uses best-practice physical, environmental and digital security systems.
  • How does GDPR translate into my language?
    • Danish - Persondataforordningen
    • Dutch - Algemene verordening gegevensbescherming (AVG)
    • Bulgarian - Общият регламент относно защитата на данните (ОРЗД)
    • Croatian - Opća uredba o zaštiti podataka (GDPR)
    • Czech - Obecné nařízení o ochraně osobních údajů (ONOOÚ)
    • Estonian - Isikuandmete kaitse üldmäärus
    • Finnish - Yleinen tietosuoja-asetus
    • French - Règlement général sur la protection des données (RGPD)
    • German - Datenschutz-Grundverordnung (DSGVO)
    • Hungarian - Általános adatvédelmi rendelet
    • Irish - An Rialachán Ginearálta maidir le Cosaint Sonraí
    • Italian - Regolamento generale sulla protezione dei dati
    • Latvian - Vispārīgā datu aizsardzības regula
    • Polish - Ogólne rozporządzenie o ochronie danych (RODO)
    • Portuguese - Regulamento Geral sobre a Proteção de Dados (RGPD)
    • Slovak - Všeobecné nariadenie o ochrane osobných údajov
    • Slovenian - Splošna uredba o varstvu podatkov
    • Spanish - Reglamento General de Protección de Datos (RGPD)
    • Swedish - Dataskyddsförordningen, allmänna dataskyddsförordningen, DSF
    • Ukrainian - Загальний регламент про захист даних
  • Which Cookies Are Disabled by Plumrocket GDPR Extension?

    The Recital 30 of the GDPR states: 

    Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.

    The idea is relatively simple: cookies can be used to uniquely identify a person, therefore they should be treated as personal data. It will affect those identifiers used for analytics and advertising, but also those used for functional services like chats and surveys.

    However, there is a difference between cookies. Cookies that are essential for normal website functioning cannot be disabled. The non-essential cookies should be disabled. The Plumrocket GDPR extension uses native Magento "Cookie Restriction Mode" functionality which, by default, allows only essential cookies to be created. The essential cookies are those necessary for providing the information requested by the user. All the other cookies are considered non-essential. Included here are identifiers used for analytics, cookies from advertisers or third parties, including affiliates and those that identify a user when he returns to the website. The GDPR is meant to target the non-essential category.

    The essential Magento cookies are strictly necessary for the normal website functions. These cookies cannot be switched off because the Magento store wouldn’t work properly anymore. However, these identifiers do not store any personal data. Try disabling ALL cookies in Magento and your website will become unusable. Customers will not be able to add products to a cart, login, etc.. 

    To summarize - the Plumrocket GDPR Extension will block all non-essential cookies until visitor consent is given. Only after the visitor consent is given (eg: "Allow Cookies" button is pressed), will the non-essential cookies will be created. 

Change Log of Magento GDPR Extension

Legend:  - new feature - bug fix

v1.4.3 - 01 May, 2019

  • Fixed issue with a possibility for a guest to visit "My Consents" page

v1.4.2 - 10 Jan, 2019

  • Minor changes and improvements
  • Minor bug fixes

v1.4.1 - 14 Dec, 2018

  • Improved support of Varnish/FPC
  • The simplified custom display of consent check boxes on any page
  • Fixed error that occurred if all check boxes are removed on the configuration page

v1.4.0 - 29 Nov, 2018

  • Added possibility to set custom position for сonsent checkboxes
  • Added My consents page
  • Added possibility to Decline Cookie
  • Added support of Ultimo and Porto themes
  • Minor improvements

v1.3.0 - 23 Oct, 2018

  • Add new position where checkboxes can be located - Contact Us page
  • Added a possibility to make checkboxes optional
  • Minor changes and improvements

v1.2.0 - 15 Oct, 2018

  • Added support of Magento Enterprise data
  • Improved cookie consent logging
  • Fixed error of CMS pages content retrieval for the popups in the Single-Store Mode
  • Minor changes and improvements

v1.1.0 - 20 Sep, 2018

  • Added integration with Plumrocket GeoIP Lookup Magento extension
  • Added tracking of cookies consent in admin logs
  • Added integration with One Step Checkout Plumrocket extension
  • Minor bug fixes and improvements

v1.0.0 - 19 Jul, 2018

  • Released GDPR Magento Extension