GDPR stands for General Data Protection Regulation.
The General Data Protection Regulation is a regulation in European (EU) law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.
The GDPR was adopted on 14 April 2016, and became enforceable beginning 25 May 2018. As the GDPR is a regulation, not a directive, it does not require national governments to pass any enabling legislation and is directly binding and applicable.
GDPR COMPLIANCE IN MAGENTO FRONT-END:
As the customer interacts with the Magento front-end and submits his personal details there, the Magento front-end must also comply with the GDPR. Here are some suggestions:
Providing Privacy Settings To Customer:
The customer should have some Privacy Settings under his account to manage his personal information. Basic settings can be the following:
◦ Personal Data: The customer must always know and be aware of the information the system is using. He should be able to see that personal data in his account. If possible, provide an option for the customer to download all of the data the system is using.
◦ Anonymising Personal Data: The customer should be able to anonymise his personal details at any time after all of his orders are complete, as he may not want the system to manage his personal details after a specific period.
◦ Deleting Account: The system should provide an option for the customer to request deletion of his account from the system.
Taking Magento 2 Database Backup with GDPR compliance
As far as the Magento 2 database is concerned, a database dump is generally created that contains the structure and data of the entire database. This dump usually includes tables with customers' personal data such as names, addresses, invoices, orders, emails, mobile numbers, etc. When exporting customer data is not needed, including it is considered bad practice, as the data might get stolen, lost or become available to unwanted people.
To overcome this issue, N98-magerun2 provides a Database Dump Tool to manage the database dump in Magento 2 from the command line.
To use this tool, N98-magerun2 must be installed. It can be installed either from the Phar file or with Composer.
INSTALLING PHAR FILE:
shasum -a256 n98-magerun2.phar
INSTALLING WITH COMPOSER:
Output: n98-magerun2 version 1.3.2 by netz98 GmbH
DUMPING THE DATABASE:
The db:dump command is used to dump the project database. It uses mysqldump:
php n98-magerun2.phar db:dump
The above command will create a file containing the structure and data of the entire database.
STRIPPING DATABASE DUMP:
The --strip argument can be used to exclude specific tables from the dump. It can be used as:
php n98-magerun2.phar db:dump [--strip]
Tables can also be stripped directly by listing them separated by spaces. Wildcards like * and ? can be used to strip multiple tables. That is:
php n98-magerun2.phar db:dump --strip="customer_address* sales_invoice_*"
Pre-defined table groups can also be specified to strip tables. Table group names start with an @ sign and can be used as:
php n98-magerun2.phar db:dump --strip="@stripped"
The table groups are predefined in the config.yaml file either in the vendor/n98/magerun2/ folder or in the n98-magerun2.phar package.
Available table groups:
@customers - Customer data (and company data from the B2B extension)
@development - Removes logs, sessions, trade data and admin users so developers do not have to work with real customer data or admin user accounts
@log - Log Tables
@sessions - Database Session Tables
@quotes - Cart (Quote) Data
@sales - Sales data (orders, invoices, creditmemos etc.)
@trade - Current trade data (customers, orders and quotes). You usually do not want those in developer systems.
CUSTOM TABLE GROUPS:
Along with the pre-defined table groups, custom table groups can also be defined. A custom table group can be defined by creating an n98-magento2.yml file inside the Magento 2 project's app/etc/ folder. The file should contain the following lines:
- id: table_group_name
  description: table group description
  tables: space separated list of tables
@table_group_name can then be used in the --strip argument to exclude the data of the tables listed in that group.
Stripping in this way all data that does not need to be in the dump is the best way to make sure that the database dump is GDPR compliant.
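One way to confirm that a stripped dump really carries no customer rows before it leaves the server, as an added example that is not part of the original article or of n98-magerun2. The function names and the sample dump are constructed for illustration; it assumes mysqldump's default `INSERT INTO` row format, that stripped tables have no row data, and the same * and ? wildcards as --strip.

```shell
#!/usr/bin/env bash
# Added example: audit a SQL dump for row data in tables that should be stripped.
# Usage in a backup job (hypothetical file name):
#   audit_dump dump.sql 'customer_*' 'sales_*' || exit 1

# Print each table in DUMP that still has INSERT rows and matches a PATTERN.
leaked_tables() {
  dump=$1; shift
  # mysqldump writes row data as: INSERT INTO `table` VALUES (...)
  grep -oE '^INSERT (IGNORE )?INTO `[^`]+`' "$dump" |
    sed -E 's/^.*`([^`]+)`$/\1/' | sort -u |
    while IFS= read -r table; do
      for pattern in "$@"; do
        case $table in
          # Unquoted, so * and ? act as wildcards (no filename expansion here)
          $pattern) printf '%s\n' "$table"; break ;;
        esac
      done
    done
}

# Return non-zero when any matching table still has rows, so the job can
# refuse to ship the file.
audit_dump() {
  found=$(leaked_tables "$@")
  if [ -n "$found" ]; then
    printf 'personal data still present in:\n%s\n' "$found" >&2
    return 1
  fi
  return 0
}

# Constructed sample: customer_address_entity was stripped (structure only),
# customer_entity and sales_invoice_grid were not.
write_sample_dump() {
  cat > "$1" <<'EOF'
CREATE TABLE `customer_address_entity` (`entity_id` int);
CREATE TABLE `customer_entity` (`entity_id` int, `email` varchar(255));
INSERT INTO `customer_entity` VALUES (1,'jane@example.test');
CREATE TABLE `sales_invoice_grid` (`entity_id` int, `customer_name` varchar(255));
INSERT INTO `sales_invoice_grid` VALUES (1,'Jane Example');
CREATE TABLE `catalog_product_entity` (`entity_id` int, `sku` varchar(64));
INSERT INTO `catalog_product_entity` VALUES (1,'sku-1');
EOF
}
```

If the shop uses a table prefix, include it in the patterns passed to audit_dump.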