GDPR - What shopuld we know from it?

GDPR - What shopuld we know from it?

GDPR stands for General Data Protection Regulation.


The General Data Protection Regulation is a regulation in Eurpean (EU) law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.


The GDPR was adopted on 14 April 2016, and became enforceable beginning 25 May 2018. As the GDPR is a regulation, not a directive, it does not require national governments to pass any enabling legislation and is directly binding and applicable.


Gdpr Compliance In Magento Front-end:

As customer interacts with Magento front-end and he submits his personal detail here, Magento frontend must also comply with GDPR. So, here are the some suggestions:


  • Allowing/Disallowing Cookies:

    When a customer opens the website, he should be asked to allow the cookies to store/manage his personal data. This is beacuse of that any information which is stored in cookies can easily be seen through browser’s tool.

  • Accepting Privacy Policy While Registration:

    There should be a checkbox to accept Privacy Policies in Customer Registration page. Privacy Policies should explain clearly about what kind of details will be managed or used by the system and where those details will be used. For instance, system will save customer’s email id to email current status of his order.

    If customer does not accept with Privacy Policy consent while registering then system must ask to accept the consent when customer is about to checkout his order because there would be billing address, shipping address, mobile number, email address, first name and last name will be retrieved to process the order.


Providing Privacy Settings To Customer:

Customer should have some Privacy Settings under his account to manage his personal information. Basic settings can be the following:


Personal Data:

Customer must always know and aware of the information which is being used by the system. He should be able to see that personal data into his account. If possible then provide an option to customer for downloading the entire data which is being used by system.


Anonymising Personal Data:

Customer should be able to anonymise his personal details anytime after completion of all of his orders as he might never want system to manage his personal after a specific period.


Revoking his Privacy Policy Consent:

Customer should be able to revoke his consent anytime so that he would feel comfortable while he would surf the entire front-end. If he sees any issue then he can revoke his consent anytime.


Deleting Account:

System should provide an option to customer for requesing to delete his account from the system.


Taking Magento 2 Database Backup with GDPR compliance

As concern as Magento 2 database, generally, database dump is created which has structure and data of entire database. This dump usually include tables with personal data of customers such as name, addresses, invoices, orders, emails, mobile numbers. etc. Generally, when exporting customer’s data is not needed, it is considered as bad practice as the data might get stolen, lost or available to unwanted people.


To overcome this issue, N98-magerun2 provides a tool Database Dump Tool to manage the database dump in Magento 2 through command line.


To achieve this tool, N98-magerun2 should be installed and it can be installed through either Phar file or Composer.

Intalling Phar File:

Intalling Phar File:

shasum -a256 n98-magerun2.phar


  • Now, to make the phar-file executable, run the following command:

    chmod +x n98-magerun2.phar

  • Now, the base installation has been completed and it can be verfied as:

    n98-magerun2.phar -version

  • Above command should show the output like this:

    n98-magerun2 version 1.3.2 by netz98 GmbH

  • Now, this phar can be called by using PHP CLI Interpreter:

    php n98-magerun2.phar {command}


Installing With Composer:

  • Require Magerun within the Magento (or any other) project and then execute it from the vendor’s bin folder:


    composer require n98/magerun2

  • If it shows any issue, then try the following command:

    composer require --no-update n98/magerun2


composer update


  • To verify the installation, check the version by running the following command:
    ./vendor/bin/n98-magerun2 --version

Output: n98-magerun2 version 1.3.2 by netz98 GmbH


Dumping The Database:

The db:dump command is used to dump the project database,. It uses mysqdump:

php n98-magerun2.phar db:dump

Above command will create afile having structure and data of entire database.


Stripping Database Dump:

-strip argument can be used to exclude specific tables from the dump. It can be used as:

php n98-magerun2.phar db:dump [--strip]

Tables can also be stripped directly by adding them with space. Wildcards like * and ? Can be used to strip multiple tables. That is:

php n98-magerun2.phar db:dump --strip=”customer_address* sales_invoice_*”

Pre-defined Table Groups can also be specified to strip the tables. Table groups start with @ sign and it can be used as:

php n98-magerun2.phar db:dump --strip=”@stripped”

The table groups are predefined in the config.yaml file either in the vendor/n98/magerun2/ folder or in the n98-magerun2.phar package.


Available table groups:


@customers - Customer data (and company data from the B2B extension)



@development - Removes logs, sessions, trade data and admin users so developers do not have to work with real customer data or admin user accounts




@log – Log Tables








@sessions – Database Session Tables




@quotes – Cart (Quote) Data




@sales - Sales data (orders, invoices, creditmemos etc.)








@trade - Current trade data (customers, orders and quotes). You usually do not want those in developer systems.








Custom Table Groups:

Along with pre-defined table groups, custom table groups can also be defined. A custom table group can be defined by creating an n98-magento2.yml file inside the Magento2 project app/etc/ folder. The file should contain the following lines:


# app/etc/n98-magerun2.yaml
# ... commands:
- id: table_group_name
description: table group description 
tables: space separated list of tables
# ...


So, @table_group_name can be used in -strip argument to exclude the data specified inside that particular group.


So, above is the best way to strip all of data that should not be needed to include in dump to make sure that the database dump is GDPR complaint.