adexos/module-gdpr

Gdpr Compliance Module for Magento 2

Installs: 2

Dependents: 0

Suggesters: 0

Security: 0

Stars: 0

Watchers: 3

Forks: 39

Type:magento2-module

3.0.0-beta2 2019-03-21 14:23 UTC

README

Latest Stable Version License: MIT

This extension allows customers to delete, anonymize, and export their personal data.

Setup

Magento 2 Open Source or Commerce edition is required.

The Version 3.x is compliant with Magento 2.3.x.
The Version 2.x is compliant with Magento 2.2.x.
The Version 1.x is compliant with Magento 2.1.x.

This module does not support Magento 2.0.x, as this version is not anymore maintained.

Get the package

Zip Package:

Unzip the package in app/code/Opengento/Gdpr.

Composer Package:

composer require opengento/module-gdpr

Install the module

Then, run the following magento command:

bin/magento setup:upgrade

If you are in production mode, do not forget to recompile and redeploy the static resources.

Usage

  • Art. 17 GDPR
    • Account deletion and anonymization can be done in 'My Account > Privacy Settings'.
    • Customers can use their 'right to be forgotten'. The password is required to ensure the customer legibility. The account will be erased within 1 hour, or as specified in configuration. The customer can undo the action in this time span.
  • Art. 20 GDPR
    • Personal data export can be done in 'My Account > Privacy Settings'.
    • Customers can export their data in .zip archive containing file, .html (many others are available), with personal data.
  • Cookie Policy in a disclosure popup are shown at the first time customer visit.

Settings

The configuration for this module is located in 'Stores > Configuration > Customers > Customer Configuration > Privacy (GDPR)'.
The settings are divided as following:

  • General Settings
    • Enable the module
    • GDPR Information CMS Page
    • GDPR Information CMS Block
  • Erasure Settings
    • Enable the feature
    • Erasure Strategy (Anonymize or Delete)
    • Erasure Time Laps
    • Cron Scheduler
    • Right to Erasure Information CMS Block
    • Anonymization Information CMS Block
    • Remove Customer if no Orders
    • Apply Deletion Strategy to specific components
  • Export Settings
    • Enable the feature
    • Export Personal Data Information CMS Block
    • Export Renderer option
    • Customer Attributes to export
    • Customer Address Attributes to export
  • Cookie Settings
    • Enable the cookie disclosure
    • Cookie Policy Information CMS Block

Developers

The following documentation explains how to add your own processors to the workflow.

Extends Export

In order to export your custom component, you must create a new processor.
To create a new processor, you must implement the following interface: \Opengento\Gdpr\Service\Export\ProcessorInterface.
Then, register your processor to the following pool \Opengento\Gdpr\Service\Export\ProcessorPool, as described:

<type name="Opengento\Gdpr\Service\Export\ProcessorPool">
    <arguments>
        <argument name="array" xsi:type="array">
            <item name="my_component" xsi:type="string">\Vendor\Module\ExportProcessor</item>
        </argument>
    </arguments>
</type>

You can also create your custom export renderer to make it as be like you want to be.
To achieve this, you must implement the following interface: \Opengento\Gdpr\Service\Export\RendererInterface
Then, register your renderer to the following pool \Opengento\Gdpr\Service\Export\RendererPool, as described:

<type name="Opengento\Gdpr\Service\Export\RendererPool">
    <arguments>
        <argument name="array" xsi:type="array">
            <item name="my_renderer" xsi:type="string">\Vendor\Module\ExportRenderer</item>
        </argument>
    </arguments>
</type>

Extends Deletion

In order to delete your custom component, you must create a new processor.
To create a new processor, you must implement the following interface: \Opengento\Gdpr\Service\Delete\ProcessorInterface.
Then, register your processor to the following pool \Opengento\Gdpr\Service\Delete\ProcessorPool, as described:

<type name="Opengento\Gdpr\Service\Delete\ProcessorPool">
    <arguments>
        <argument name="array" xsi:type="array">
            <item name="my_component" xsi:type="string">\Vendor\Module\DeleteProcessor</item>
        </argument>
    </arguments>
</type>

Extends Anonymization

In order to anonymize your custom component, you must create a new processor.
To create a new processor, you must implement the following interface: \Opengento\Gdpr\Service\Anonymize\ProcessorInterface.
Then, register your processor to the following pool \Opengento\Gdpr\Service\Anonymize\ProcessorPool, as described:

<type name="Opengento\Gdpr\Service\Anonymize\ProcessorPool">
    <arguments>
        <argument name="array" xsi:type="array">
            <item name="my_component" xsi:type="string">\Vendor\Module\AnonymizeProcessor</item>
        </argument>
    </arguments>
</type>

Erasure Strategy

This module allows you to define the strategy to apply for the different processors.
You can configure it thanks to the admin system configuration, but you can also cheat and define the strategy to apply for them via the etc/di.xml file. Be careful, the settings from the configuration are always checked in top priority. To make it via the code, add your preferences as following:

<type name="Opengento\Gdpr\Model\Config\ErasureComponentStrategy">
    <arguments>
        <argument name="componentsStrategies" xsi:type="array">
            <item name="component_name_1" xsi:type="const">Opengento\Gdpr\Service\ErasureStrategy::STRATEGY_ANONYMIZE</item>        
            <item name="component_name_2" xsi:type="const">Opengento\Gdpr\Service\ErasureStrategy::STRATEGY_DELETE</item>        
            <item name="component_name_3" xsi:type="string">custom_strategy_code</item>        
        </argument>
    </arguments>
</type>

Warning, if you want to implement your own strategy type, you must create your own strategy class object, but you will be able to use the Opengento\Gdpr\Model\Config\ErasureComponentStrategy to serve your components by strategy.
Do not forget to use the right services managers, but you are free to use yours:

  • Opengento\Gdpr\Service\AnonymizeManagement
  • Opengento\Gdpr\Service\DeleteManagement

How to override class and methods

Plugins and preferences are not needed here to override and extends the GDPR module core code.
Actually, you should apply patterns to achieve it.

The pool pattern already allows you to override the class of your choice.
However you wont be able to extends the existing class, because of the "final" keyword. Indeed, you need to create your own class which implements the same interface. Then, simply add the class you want to "extends" as a composition. You will be able to exploit the result and override it in your method.

Eg:

interface I { public function execute(array $data): array; }
final class A implements I { public function execute(array $data): array { //process $data } }

final class B implements I {
    private $a;
    
    public function __construct(A $a) { $this->a = $a; }
    
    public function execute(array $data): array
    {
        $resultA = $this->a->execute($data);

        $resultB = $resultA; // transform $resultA
        
        return $resultB;
    }
}

Then:

<type name="Pool">
    <arguments>
        <argument name="array" xsi:type="array">
            <argument name="a" xsi:type="string">A</argument>        
        </argument>
    </arguments>
</type>

Override by:

<type name="Pool">
    <arguments>
        <argument name="array" xsi:type="array">
            <argument name="a" xsi:type="string">B</argument>        
        </argument>
    </arguments>
</type>

Congrats! You have overridden class A without extending it!

Support

Raise a new request to the issue tracker.
Please provide your Magento 2 version and the module version. Explain how to reproduce your issue and what's expected.

Authors

Similar Magento 2 GDPR Module

License

This project is licensed under the MIT License - see the LICENSE details.

That's all folks!