GdprDataSubject Module
Overview
The GdprDataSubject module implements all data subject rights required by GDPR, including the right to access, rectification, erasure, and data portability. It provides both customer self-service and admin approval workflows.
Features
- Right to Access (data export)
- Right to Erasure (account deletion)
- Right to Rectification (data correction)
- Right to Data Portability
- Guest user requests
- Admin approval workflow
- Automated anonymization
- Request status tracking
- Email notifications
Configuration
Path: Stores > Configuration > GDPR Compliance > Data Subject Rights
General Settings
| Setting | Description | Default |
|---|---|---|
| Enable Data Requests | Allow customers to submit requests | Yes |
| Guest Requests Enabled | Allow non-registered users to request | Yes |
| Request Approval Required | Admin must approve deletion requests | Yes |
| Auto-approve Export Requests | Automatically process data exports | Yes |
| Admin Notification Email | Email for request notifications | store email |
Export Settings
| Setting | Description | Default |
|---|---|---|
| Export Format | JSON, CSV, or Both | Both |
| Include Order History | Add orders to export | Yes |
| Include Address Book | Add addresses to export | Yes |
| Include Wishlists | Add wishlists to export | Yes |
| Include Reviews | Add product reviews to export | Yes |
| Export Link Expiry | Days before download link expires | 7 |
Deletion Settings
| Setting | Description | Default |
|---|---|---|
| Deletion Method | Anonymize or Hard Delete | Anonymize |
| Retain Order History | Keep order data (anonymized) | Yes |
| Require Reason | Customer must provide reason | No |
| Cooling Off Period | Days before processing deletion | 14 |
| Deletion Confirmation | Require email confirmation | Yes |
Anonymization Settings
| Setting | Description | Default |
|---|---|---|
| Anonymization Method | How to anonymize data | Randomize |
| Anonymize Email Format | Pattern for anonymized emails | deleted-{id}@anonymized.local |
| Anonymize Name Format | Pattern for anonymized names | Deleted User {id} |
| Keep Customer ID | Preserve customer ID number | Yes |
| Anonymize IP Addresses | Remove IP from logs | Yes |
Customer Self-Service
Accessing Data Rights Portal
Customers access requests at: Customer Account > My Account > Privacy Settings > Data Rights
Submitting Data Export Request
- Navigate to Data Rights portal
- Click "Request My Data"
- Select export format (JSON/CSV)
- Confirm email address
- Submit request
Processing:
- If auto-approve is enabled: immediate processing
- Email sent when ready (within 24-48 hours)
- Download link valid for 7 days (configurable)
Submitting Deletion Request
- Navigate to Data Rights portal
- Click "Delete My Account"
- Read warning about consequences
- Optionally provide reason
- Confirm with password
- Submit request
Processing:
- Cooling off period (14 days by default)
- Admin approval (if required)
- Email confirmation before processing
- Final deletion email sent
Submitting Rectification Request
- Navigate to Data Rights portal
- Click "Correct My Data"
- Select data field to correct
- Provide correct information
- Explain reason for correction
- Submit request
Processing:
- Admin reviews request
- Approves or requests more information
- Updates data if approved
- Confirmation email sent
Guest User Requests
URL: /gdpr/guest/datarequest
- Provide email address
- Verify email ownership (confirmation code)
- Select request type
- Submit request
- Receive status updates via email
Admin Request Management
Viewing Requests
Navigate to: GDPR > Data Requests
Grid shows:
- Request ID
- Customer name/email
- Request type
- Status
- Submission date
- Due date
Request Statuses
| Status | Description |
|---|---|
| Pending | Awaiting admin review |
| Approved | Admin approved, processing |
| Processing | Currently being processed |
| Completed | Successfully completed |
| Denied | Admin denied request |
| Expired | Request expired (customer inaction) |
| Cancelled | Customer cancelled request |
Processing Export Request
- Open request from grid
- Review customer information
- Click "Generate Export"
- Download and review data
- Click "Send to Customer"
- Customer receives download link
Automated processing: if auto-approve is enabled, these steps run automatically within hours.
Processing Deletion Request
- Open request from grid
- Review customer history:
  - Active orders
  - Pending returns
  - Open tickets
- Verify cooling off period passed
- Check for legal holds
- Click "Approve" or "Deny"
- If approved, deletion processes
- Customer notified of completion
What Gets Deleted/Anonymized:
| Data | Action |
|---|---|
| Email | Anonymized to deleted-{id}@anonymized.local |
| Name | Changed to Deleted User {id} |
| Phone | Removed |
| Addresses | Deleted |
| Password | Removed |
| Wishlist | Deleted |
| Reviews | Anonymized author |
| Newsletter | Unsubscribed |
| Consents | Logged as withdrawn, then anonymized |
| Login Attempts | Cleared |
| Customer Attributes | Cleared |
What Gets Retained:
| Data | Reason |
|---|---|
| Order History | Legal/accounting requirements (anonymized) |
| Invoice Data | Tax compliance (anonymized customer details) |
| Transaction Records | Financial regulations |
| Return History | Fraud prevention |
| Customer ID | Database integrity |
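The following is an added example, not the module's own code: it applies the Anonymization Settings defaults to a customer record according to the "What Gets Deleted/Anonymized" and "What Gets Retained" tables, and includes a check an admin can run on the result before closing the request. The record layout, field names and sample customer are constructed for illustration.

```python
"""Added example, not the module's own code: anonymize a customer record the way the
'Anonymization Settings', 'What Gets Deleted/Anonymized' and 'What Gets Retained' tables
describe. The record layout and field names are assumed for illustration."""

CONFIG = {  # documented defaults from the Anonymization Settings table
    "email_format": "deleted-{id}@anonymized.local",
    "name_format": "Deleted User {id}",
    "keep_customer_id": True,
    "anonymize_ip": True,
}

def anonymize_customer(customer, config=CONFIG):
    """Return an anonymized copy of `customer`; the input dict is left untouched."""
    cid = customer["id"]
    email = config["email_format"].format(id=cid)
    name = config["name_format"].format(id=cid)
    keep_ip = (lambda v: v) if not config["anonymize_ip"] else (lambda v: None)
    return {
        "id": cid if config["keep_customer_id"] else None,
        "email": email, "name": name,
        "phone": None, "password_hash": None,                      # removed
        "addresses": [], "wishlist": [], "login_attempts": [],     # deleted / cleared
        "custom_attributes": {}, "newsletter_subscribed": False,   # cleared / unsubscribed
        "reviews": [{**r, "author": name} for r in customer.get("reviews", [])],
        # consents: logged as withdrawn, then anonymized (the recorded IP is dropped)
        "consents": [{"purpose": c["purpose"], "status": "withdrawn", "ip": None}
                     for c in customer.get("consents", [])],
        # orders stay for legal/accounting reasons, with the customer details anonymized
        "orders": [{**o, "customer_email": email, "customer_name": name,
                    "customer_ip": keep_ip(o.get("customer_ip"))}
                   for o in customer.get("orders", [])],
    }

def leaked_identifiers(original, anonymized):
    """Review-log check: original PII values that still appear anywhere in the result."""
    pii = {original["email"], original["name"], original.get("phone")} - {None}
    blob = repr(anonymized)
    return sorted(v for v in pii if v in blob)

SAMPLE = {  # constructed sample customer, not real data
    "id": 1042, "email": "jane.doe@example.com", "name": "Jane Doe", "phone": "+1 555 0100",
    "password_hash": "$2y$10$constructed", "addresses": [{"street": "1 Main St"}],
    "wishlist": [{"sku": "ABC-1"}], "login_attempts": [{"ip": "203.0.113.7"}],
    "custom_attributes": {"loyalty_tier": "gold"}, "newsletter_subscribed": True,
    "reviews": [{"sku": "ABC-1", "author": "Jane Doe", "text": "Works well"}],
    "consents": [{"purpose": "marketing", "status": "given", "ip": "203.0.113.7"}],
    "orders": [{"increment_id": "000000123", "total": 49.90, "customer_ip": "203.0.113.7",
                "customer_email": "jane.doe@example.com", "customer_name": "Jane Doe"}],
}
```

Running `leaked_identifiers(SAMPLE, anonymize_customer(SAMPLE))` returns an empty list; a non-empty list means a field was missed and the request should not be marked Completed.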
Processing Rectification Request
- Open request from grid
- Review requested changes
- Verify legitimacy of request
- Click "Edit Customer Data"
- Make corrections
- Click "Approve and Update"
- Customer notified of changes
Bulk Actions
Select multiple requests and:
- Approve all
- Deny all
- Export list
- Delete completed requests
Automated Anonymization
Path: Stores > Configuration > GDPR > Automation
Automatically anonymize inactive accounts:
| Setting | Description | Default |
|---|---|---|
| Enable Auto-Anonymization | Automatically process inactive accounts | No |
| Inactive Period | Days of inactivity before anonymization | 90 |
| Order Period | Days before anonymizing order data | 120 |
| Exclude Active Orders | Skip accounts that have pending orders | Yes |
| Send Warning Email | Email before anonymization | Yes |
| Warning Period | Days before anonymization at which the warning email is sent | 7 |
Anonymization Schedule
Runs via cron: gdpr/automation/anonymize
Default: Daily at 2:00 AM
Manual Anonymization
Navigate to: GDPR > Data Requests > Anonymize Inactive
- Select date range
- Preview accounts to anonymize
- Execute anonymization
- Review log
Email Notifications
Customer Emails
- Request Received - Confirmation of submission
- Request Approved - Admin approved request
- Request Denied - Admin denied with reason
- Export Ready - Download link for data export
- Deletion Warning - Before account deletion
- Deletion Complete - Confirmation of deletion
- Anonymization Warning - Before auto-anonymization
Admin Emails
- New Request - Alert when customer submits request
- Request Due - Reminder for pending requests
- Batch Complete - Auto-anonymization completed
Customizing Email Templates
Navigate to: Marketing > Email Templates
Search for: "GDPR"
Available templates:
- gdpr_data_export_request
- gdpr_data_export_ready
- gdpr_deletion_request
- gdpr_deletion_approved
- gdpr_deletion_denied
- gdpr_deletion_complete
- gdpr_rectification_request
- gdpr_anonymization_warning
API Integration
REST API endpoints:
POST /rest/V1/gdpr/data-request/export
POST /rest/V1/gdpr/data-request/delete
POST /rest/V1/gdpr/data-request/rectify
GET /rest/V1/gdpr/data-request/status/:requestId
GET /rest/V1/gdpr/customer/:customerId/export
DELETE /rest/V1/gdpr/customer/:customerId
Best Practices
Request Processing
- Respond to requests within 30 days (GDPR requirement)
- Set up email notifications for new requests
- Review requests daily
- Document reasons for denials
Data Export
- Auto-approve export requests when possible
- Verify identity for sensitive data
- Set reasonable expiry on download links
- Test export format regularly
Deletion Requests
- Always use cooling off period
- Check for active orders/returns
- Document legal basis for retention
- Prefer anonymization over hard deletion
Anonymization
- Test anonymization on staging first
- Exclude customers with active legal matters
- Send warning emails before processing
- Keep detailed logs of anonymization
Compliance
- Respond within 30 days
- Verify identity for all requests
- Document reasons for delays
- Train staff on request procedures
- Audit request handling quarterly
Troubleshooting
Export not generating
Check:
- Cron is running
- Sufficient disk space in var/export
- PHP memory limit is sufficient
- Customer has data to export
Deletion not processing
Verify:
- Cooling off period has passed
- Admin approved the request
- No legal holds on the account
- Cron jobs are running
Emails not sending
Ensure:
- Email templates exist
- SMTP is configured correctly
- Queue consumer is running
- Email address is valid
Guest requests not working
Check:
- Guest requests are enabled
- Email verification is working
- CAPTCHA is not blocking submissions
- Form validation is passing
Related Modules
- GdprDataSubjectHyva - Hyvä theme compatibility
- GdprAutomation - Automated anonymization
- GdprPrivacyCenter - Customer privacy dashboard
- GdprAdmin - Admin request management