GdprConsent Module
Overview
The GdprConsent module is the heart of the consent management system. It allows you to create dynamic consent types, attach them to specific forms, track consent versions, and maintain a complete audit trail of all consent actions.
Features
- Dynamic consent type creation
- Form-specific consent configuration
- Consent version control
- Complete audit trail with IP tracking
- Automatic re-consent triggers
- Multi-language support
- Required/optional consent per form
- Default checked state configuration
Configuration
Path: Stores > Configuration > GDPR Compliance > Consent Management
General Settings
- Enable Consent Tracking - Enable/disable consent system
- Consent Storage Period - Years to retain consent logs (0 = forever)
- Track IP Addresses - Log IP address with consents
- Require Re-consent on Version Change - Force customers to re-accept when version updates
- Show Consent History - Allow customers to view their consent history
Display Settings
- Show Description Modal - Display detailed consent description in modal
- Modal Link Text - Text for "Learn More" link (default: "Read more")
- Consent Checkbox Position - Before or after form submit button
- Use Custom CSS - Apply custom styling to consent checkboxes
Validation
- Strict Validation - Block form submission if required consents not given
- Validation Error Message - Message shown when required consents missing
- Highlight Missing Consents - Visually highlight unchecked required consents
Creating Consent Definitions
Navigate to GDPR > Consent Definitions > Add New
Basic Information
| Field | Description |
|---|---|
| Identifier | Unique code for the consent (e.g., newsletter_marketing) |
| Title | Customer-facing name (e.g., "Newsletter Marketing") |
| Description | Detailed explanation (supports HTML) |
| Version | Semantic version (e.g., 1.0.0) |
| Status | Enabled/Disabled |
| Sort Order | Display order when multiple consents |
Form Location Settings
Select where this consent appears:
- Contact Form
- Newsletter Subscription
- Customer Registration
- Checkout
For each location, configure: - Required - Make consent mandatory for this form - Default Checked - Pre-check the checkbox - Custom Label - Override title for this specific form
Advanced Settings
- Consent Type - Explicit (checkbox) or Implicit (form submission)
- Legal Basis - Consent, Contract, Legal Obligation, etc.
- Data Processing Purpose - Description of how data will be used
- Data Recipients - Who has access to the data
- Storage Period - How long data is kept
- User Rights - List of rights users have regarding this data
Example Consent Definitions
Newsletter Marketing
Identifier: newsletter_marketing
Title: Newsletter Marketing
Description: I agree to receive marketing communications including promotions,
product updates, and special offers via email.
Version: 1.0.0
Form Locations: Newsletter Subscription (Required)
Legal Basis: Consent
Contact Form Processing
Identifier: contact_form_processing
Title: Contact Form Data Processing
Description: I agree that my contact form submission data will be processed
to respond to my inquiry.
Version: 1.0.0
Form Locations: Contact Form (Required)
Legal Basis: Consent
Marketing Cookies
Identifier: marketing_cookies
Title: Marketing Cookies
Description: I consent to the use of marketing cookies for personalized
advertising and retargeting campaigns.
Version: 1.0.0
Form Locations: Checkout (Optional)
Legal Basis: Consent
Consent Tracking
All consent actions are automatically logged to GDPR > Consent Logs
Log Information
Each log entry includes: - Consent identifier and version - Customer ID (if logged in) or email - Acceptance status (true/false) - Form location - IP address (if enabled) - User agent - Timestamp - Additional data (JSON)
Viewing Consent Logs
Filter by: - Date range - Consent type - Customer email - Acceptance status - Form location
Export options: - CSV export - Excel export - JSON export
Version Management
Updating Consent Version
When you update a consent version:
- Customers who previously accepted see re-consent request
- Previous consent records remain in log
- New version number tracked separately
- Email notification sent (if enabled)
Version History
View complete version history: - All previous versions - Number of acceptances per version - Date each version was active - Changes between versions
Customer View
Customers can view and manage consents at Customer Account > Privacy Settings > My Consents
They can see: - All consents they've given - Consent versions and dates - Ability to withdraw consent - Download consent history
API Integration
REST API endpoints:
POST /rest/V1/gdpr/consent/track
GET /rest/V1/gdpr/consent/customer/:customerId
DELETE /rest/V1/gdpr/consent/:consentId
POST /rest/V1/gdpr/consent/withdraw
Best Practices
Consent Design
- Keep titles clear and concise
- Provide detailed descriptions
- Use plain language, avoid legalese
- Separate different purposes into different consents
Version Management
- Use semantic versioning (MAJOR.MINOR.PATCH)
- Document changes between versions
- Notify users of material changes
- Keep old versions for audit trail
Form Integration
- Only require truly necessary consents
- Don't pre-check optional consents
- Provide easy access to full policy
- Make withdrawal as easy as giving consent
Compliance
- Review consents quarterly
- Audit consent logs regularly
- Document legal basis for each consent
- Train staff on consent management
Troubleshooting
Consents not appearing on forms
Check: - Consent is enabled - Form location is selected - Cache is cleared - Store view scope is correct
Consent not being tracked
Verify: - JavaScript console for errors - Consent tracking is enabled - Form is using proper identifier - Customer consent tracker service is working
Re-consent not triggering
Ensure: - "Require Re-consent on Version Change" is enabled - Version number actually changed - Customer had previous consent recorded - Cache cleared after version update
Related Modules
- GdprConsentHyva - Hyvä theme compatibility
- GdprFrontend - Frontend consent components
- GdprAdmin - Admin interface
- GdprPolicy - Links consents to privacy policies