Usage Guide

Common Tasks and Workflows

Initial Setup

1. Post-Installation Configuration

After installing the GDPR Suite, follow these steps:

  1. Enable GDPR Features
     • Navigate to Stores > Configuration > GDPR Compliance > General
     • Enable GDPR Suite
     • Set your admin email
     • Configure compliance mode (EU only or Global)

  2. Configure Privacy Policy
     • Go to GDPR > Privacy Policies > Add New
     • Create your privacy policy version 1.0.0
     • Link to your CMS privacy policy page

  3. Set Up Cookie Banner
     • Navigate to Stores > Configuration > GDPR > Cookie Management
     • Enable cookie banner
     • Customize banner text and buttons
     • Configure cookie categories

  4. Create Consent Definitions
     • Go to GDPR > Consent Definitions > Add New
     • Create consents for your forms (see examples below)

  5. Test on Frontend
     • Clear cache
     • Visit your store as a customer
     • Test cookie banner
     • Test form consents
     • Submit a test data request

Newsletter Subscription:

Identifier: newsletter_marketing
Title: Newsletter Marketing Communications
Description: I agree to receive marketing emails including promotions,
             product updates, and special offers.
Version: 1.0.0
Form Locations: Newsletter Subscription (Required)

Contact Form:

Identifier: contact_form_data
Title: Contact Form Data Processing
Description: I agree that my contact form submission will be processed
             to respond to my inquiry.
Version: 1.0.0
Form Locations: Contact Form (Required)

Account Registration:

Identifier: account_terms
Title: Terms and Conditions
Description: I have read and accept the terms and conditions.
Version: 1.0.0
Form Locations: Customer Registration (Required)

Checkout Marketing:

Identifier: checkout_marketing
Title: Marketing Communications
Description: I would like to receive promotional offers via email.
Version: 1.0.0
Form Locations: Checkout (Optional)
Default Checked: No

Daily Operations

Processing Data Export Requests

  1. Navigate to GDPR > Data Requests
  2. Filter by Type: "Export"
  3. Open pending request
  4. Review customer information
  5. Click "Generate Export" (or auto-processed)
  6. Download and review exported data
  7. Click "Send to Customer"
  8. Customer receives download link via email

Timeline: Should be completed within 30 days (GDPR requirement)

Processing Deletion Requests

  1. Navigate to GDPR > Data Requests
  2. Filter by Type: "Delete"
  3. Open pending request
  4. Important checks:
     • Cooling off period passed (14 days default)
     • No active orders
     • No pending returns
     • No open support tickets
     • No legal holds
  5. Review customer history
  6. Click "Approve" or "Deny" with reason
  7. If approved, anonymization begins
  8. Customer notified upon completion

What happens:

  • Customer data anonymized
  • Email changed to deleted-{id}@anonymized.local
  • Name changed to Deleted User {id}
  • Addresses removed
  • Order history retained but anonymized
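
The approval checks and the anonymization outcome described above, as an added Python example that is not the GDPR Suite's own code. The record fields, function names, the day-14 boundary and the choice to keep only order ID and total in retained orders are assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta

COOLING_OFF_DAYS = 14  # default from the guide; configurable in the suite


@dataclass
class DeletionRequest:
    """Hypothetical record; field names are assumptions, not the suite's schema."""
    customer_id: int
    requested_on: date
    active_orders: int = 0
    pending_returns: int = 0
    open_tickets: int = 0
    legal_hold: bool = False


def deletion_blockers(req: DeletionRequest, today: date) -> list[str]:
    """Return every reason the request cannot be approved yet (empty = approvable)."""
    blockers = []
    ready_on = req.requested_on + timedelta(days=COOLING_OFF_DAYS)
    if today < ready_on:  # assumption: approvable from day 14 onward
        blockers.append(f"cooling-off period ends {ready_on.isoformat()}")
    if req.active_orders:
        blockers.append(f"{req.active_orders} active order(s)")
    if req.pending_returns:
        blockers.append(f"{req.pending_returns} pending return(s)")
    if req.open_tickets:
        blockers.append(f"{req.open_tickets} open support ticket(s)")
    if req.legal_hold:
        blockers.append("legal hold")
    return blockers


def anonymize(customer: dict) -> dict:
    """Apply the outcome listed above to a customer record (constructed shape)."""
    cid = customer["id"]
    return {
        "id": cid,
        "email": f"deleted-{cid}@anonymized.local",
        "name": f"Deleted User {cid}",
        "addresses": [],  # addresses removed
        # Order history retained, but only non-identifying fields survive.
        "orders": [{"order_id": o["order_id"], "total": o["total"]}
                   for o in customer["orders"]],
    }


# Constructed sample: requested 2024-03-01, with one return still pending.
SAMPLE = DeletionRequest(customer_id=42, requested_on=date(2024, 3, 1), pending_returns=1)
```

Collecting all blockers at once, rather than stopping at the first, gives the admin a complete reason to record when denying a request.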

  1. Navigate to GDPR > Consent Logs
  2. Filter by:
     • Date range
     • Consent type
     • Customer email
     • Acceptance status
  3. Export logs:
     • Select logs
     • Click "Export to CSV"
     • Use for compliance audits

Retention: Logs kept per configuration (default: 7 years)

Monthly Maintenance

  1. Navigate to GDPR > Dashboard
  2. Review statistics:
     • Consent acceptance rates
     • Most declined consents
     • Trend analysis
  3. Action items:
     • Update confusing consent language
     • Adjust default states
     • A/B test consent wording

Audit Data Requests

  1. Navigate to GDPR > Data Requests
  2. Generate monthly report:
     • Total requests received
     • Average response time
     • Approved vs. denied ratio
     • Types of requests
  3. Identify improvements needed

  1. GDPR > Cookie Categories
  2. Audit each category:
     • Remove unused scripts
     • Update cookie descriptions
     • Verify script blocking works
  3. Test cookie preferences on frontend

Updating Privacy Policy

When your privacy policy changes:

  1. GDPR > Privacy Policies > Add New
  2. Increment version (e.g., 1.0.0 → 2.0.0)
  3. Document changes
  4. Save new version

What happens automatically:

  • Customers notified of update
  • Re-acceptance required on next login
  • Old version archived
  • Acceptance tracking starts for new version

When consent terms change:

  1. GDPR > Consent Definitions
  2. Edit existing consent
  3. Update description if needed
  4. Increment version (e.g., 1.0.0 → 1.1.0)
  5. Save

What happens automatically:

  • Customers see re-consent request
  • Previous consents remain logged
  • New version tracked separately
  • Email notification sent (if enabled)

Handling Customer Inquiries

Customer Can't Find Privacy Settings

Solution: Send them the direct link: https://yourstore.com/customer/account/privacy

Options:

  1. Self-service: Customer Account > Privacy Settings > My Consents > Withdraw
  2. Admin: GDPR > Consent Logs > Find Customer > Withdraw

Customer Didn't Receive Export

Troubleshooting:

  1. Check spam folder
  2. Verify the email address is correct
  3. Check download link expiry (default: 7 days)
  4. Regenerate and resend from admin

Customer Wants to Cancel Deletion

During cooling off period:

  1. GDPR > Data Requests
  2. Open deletion request
  3. Change status to "Cancelled"
  4. Notify customer

After processing:

  • Cannot be reversed
  • Explain to customer
  • Document in support ticket

Setting Up Automated Anonymization

For compliance with data retention policies:

  1. Stores > Configuration > GDPR > Automation
  2. Enable Auto-Anonymization
  3. Set Inactive Period (recommend: 90-180 days)
  4. Set Order Period (recommend: 120 days)
  5. Enable warning emails
  6. Set warning period (recommend: 30 days)

Process:

  • Cron runs daily at 2:00 AM
  • Identifies inactive accounts
  • Sends warning email
  • Waits warning period
  • Anonymizes account
  • Logs action

Best practice: Test on staging first with short periods

Configuring GeoIP Rules

Apply different rules by location:

  1. Stores > Configuration > GDPR > Geographic
  2. Enable GeoIP Detection
  3. Select GeoIP Service (MaxMind recommended)
  4. Configure EU countries list
  5. Enable Strict Mode (EU only) if desired

Use cases:

  • Show cookie banner only to EU visitors
  • Require consent only for EU customers
  • Different policies per region

Multi-Store Setup

Different GDPR settings per store:

  1. Switch to store view scope
  2. Uncheck "Use Website" for settings to customize
  3. Configure store-specific:
     • Privacy policy (different languages)
     • Cookie banner text (translated)
     • Consent definitions (localized)
     • Email templates (language-specific)

Example:

  • German store: German privacy policy, strict cookie consent
  • UK store: English privacy policy, standard consent
  • US store: English privacy policy, informational banner only

Troubleshooting Common Issues

  1. Check: Stores > Configuration > GDPR > Cookie Management > Enable
  2. Clear cache: php bin/magento cache:flush
  3. Check whether the customer already gave consent (LocalStorage)
  4. Verify store view scope

Consents Not Tracking

  1. Check browser console for JavaScript errors
  2. Verify form has correct identifier
  3. Ensure consent definition is enabled
  4. Check form location configuration matches

Data Export Fails

  1. Check cron is running: php bin/magento cron:run
  2. Verify disk space available
  3. Check PHP memory limit
  4. Review var/log/gdpr.log

Emails Not Sending

  1. Test general email: Stores > Configuration > General > Store Email
  2. Check email queue: php bin/magento queue:consumers:list
  3. Start consumer: php bin/magento queue:consumers:start gdprEmailQueue
  4. Review exception.log

Best Practices

Response Times

  • Aim to respond to requests within 7-14 days
  • Maximum 30 days (GDPR requirement)
  • Set up daily admin email notifications

Documentation

  • Keep audit trail of all requests
  • Document reasons for denials
  • Save export files for 30 days
  • Quarterly compliance review

Staff Training

  • Train all staff on GDPR procedures
  • Document internal processes
  • Regular refresher training
  • Assign GDPR coordinator

Testing

  • Monthly test of data export
  • Quarterly test of deletion process
  • Annual full audit
  • Test all forms for consent tracking

Security

  • Limit admin access to GDPR features
  • Enable two-factor authentication
  • Log all admin actions
  • Regular security audits