GDPR stands for General Data Protection Regulation.

 

The General Data Protection Regulation is a regulation in European Union (EU) law on data protection and privacy for all individuals within the EU and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA areas. The GDPR aims primarily to give individuals control over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

 

The GDPR was adopted on 14 April 2016, and became enforceable beginning 25 May 2018. As the GDPR is a regulation, not a directive, it does not require national governments to pass any enabling legislation and is directly binding and applicable.

 

GDPR COMPLIANCE IN MAGENTO FRONT-END:

 

Customers interact with the Magento front-end and submit their personal details there, so the Magento front-end must also comply with the GDPR. Here are some suggestions:

 

  • Allowing/Disallowing Cookies:
    When a customer opens the website, he should be asked to allow the cookies that store or manage his personal data. This is because any information stored in cookies can easily be seen through the browser's tools.
  • Accepting Privacy Policy While Registration:
    There should be a checkbox to accept the Privacy Policy on the Customer Registration page. The Privacy Policy should explain clearly what kind of details will be managed or used by the system and where those details will be used. For instance, the system will save the customer's email ID to email him the current status of his order.

    If the customer does not accept the Privacy Policy consent while registering, the system must ask him to accept it when he is about to check out his order, because the billing address, shipping address, mobile number, email address, first name and last name will be retrieved to process the order.

 

  • Providing Privacy Settings To Customer:
    The customer should have some Privacy Settings under his account to manage his personal information. Basic settings can be the following:

     Personal Data: The customer must always know and be aware of the information that is being used by the system. He should be able to see that personal data in his account. If possible, provide an option for the customer to download all of the data that is being used by the system.

     Anonymising Personal Data: The customer should be able to anonymise his personal details at any time after all of his orders have been completed, as he might not want the system to manage his personal data after a specific period.

     Revoking his Privacy Policy Consent: The customer should be able to revoke his consent at any time, so that he feels comfortable while browsing the entire front-end. If he sees any issue, he can revoke his consent.

     Deleting Account: The system should provide an option for the customer to request deletion of his account from the system.

 

Taking Magento 2 Database Backup with GDPR compliance

As far as the Magento 2 database is concerned, a database dump is generally created that contains the structure and data of the entire database. This dump usually includes tables with customers' personal data such as names, addresses, invoices, orders, emails, mobile numbers, etc. When exporting customer data is not needed, doing so is considered bad practice, as the data might get stolen, lost or become available to unwanted people.

 

To overcome this issue, N98-magerun2 provides a Database Dump Tool to manage the database dump in Magento 2 from the command line.

 

To use this tool, N98-magerun2 must be installed. It can be installed either as a Phar file or through Composer.

 

INSTALLING PHAR FILE:

 

  • Compute the SHA-256 checksum of the downloaded phar file and compare it with the published value:
    shasum -a256 n98-magerun2.phar
  • Now, to make the phar file executable, run the following command:
    chmod +x n98-magerun2.phar
  • Now, the base installation has been completed and it can be verified as:
    ./n98-magerun2.phar --version
  • The above command should show output like this:
    n98-magerun2 version 1.3.2 by netz98 GmbH
  • Now, this phar can be called by using the PHP CLI interpreter:
    php n98-magerun2.phar {command}

 

INSTALLING WITH COMPOSER:

 

  • Require Magerun within the Magento (or any other) project and then execute it from the vendor’s bin folder:
    composer require n98/magerun2

  • If it shows any issue, then try the following commands:
    composer require --no-update n98/magerun2
    composer update

  • To verify the installation, check the version by running the following command:
    ./vendor/bin/n98-magerun2 --version

Output: n98-magerun2 version 1.3.2 by netz98 GmbH

DUMPING THE DATABASE:

 

The db:dump command is used to dump the project database. It uses mysqldump:

php n98-magerun2.phar db:dump

 

The above command will create a file containing the structure and data of the entire database.

 

STRIPPING DATABASE DUMP:

 

The --strip argument can be used to exclude the data of specific tables from the dump. It can be used as:

php n98-magerun2.phar db:dump [--strip]

 

Tables can also be stripped directly by listing them, separated by spaces. Wildcards like * and ? can be used to strip multiple tables. That is:

php n98-magerun2.phar db:dump --strip="customer_address* sales_invoice_*"

 

Pre-defined table groups can also be specified to strip tables. Table group names start with the @ sign and can be used as:

php n98-magerun2.phar db:dump --strip="@stripped"

 

The table groups are predefined in the config.yaml file either in the vendor/n98/magerun2/ folder or in the n98-magerun2.phar package.

 

Available table groups:

 

@customers - Customer data (and company data from the B2B extension)

            customer_address*

            customer_entity*

            customer_grid_flat

            customer_log

            customer_visitor

            newsletter_subscriber

            product_alert*

            vault_payment_token*

            wishlist*

 

@development - Removes logs, sessions, trade data and admin users so developers do not have to work with real customer data or admin user accounts

            @admin

            @trade

            @stripped

            @search

 

@log – Log Tables

            log_url

            log_url_info

            log_visitor

            log_visitor_info

            log_visitor_online

            report_event

            report_compared_product_index

            report_viewed_*

 

@search

            catalogsearch_*

 

@sessions – Database Session Tables

            core_session

 

@quotes – Cart (Quote) Data

            quote

            quote_*

 

@sales - Sales data (orders, invoices, creditmemos etc.)

            sales_order

            sales_order_address

            sales_order_aggregated_created

            sales_order_aggregated_updated

            sales_order_grid

            sales_order_item

            sales_order_payment

            sales_order_status_history

            sales_order_tax

            sales_order_tax_item

            sales_invoice

            sales_invoice_*

            sales_invoiced_*

            sales_shipment

            sales_shipment_*

            sales_shipping_*

            sales_creditmemo

            sales_creditmemo_*

            sales_recurring_*

            sales_refunded_*

            sales_payment_*

            enterprise_sales_*

            enterprise_customer_sales_*

            sales_bestsellers_*

            paypal_billing_agreement*

            paypal_payment_transaction

            paypal_settlement_report*

 

@admin

            admin*

            authorization*

 

@trade - Current trade data (customers, orders and quotes). You usually do not want those in developer systems.

            @customers

            @sales

            @quotes

 

@stripped

            @log

            @sessions

 

 

CUSTOM TABLE GROUPS:

 

Along with the pre-defined table groups, custom table groups can also be defined. A custom table group can be defined by creating an n98-magerun2.yaml file inside the Magento 2 project's app/etc/ folder. The file should contain the following lines:

 

# app/etc/n98-magerun2.yaml
# ...
commands:
  N98\Magento\Command\Database\DumpCommand:
    table-groups:
      - id: table_group_name
        description: table group description
        tables: space separated list of tables
# ...

 

So, @table_group_name can be used in the --strip argument to exclude the data specified inside that particular group.

 

So, the above is the best way to strip all data that does not need to be included in the dump, to make sure that the database dump is GDPR compliant.
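Per the group list above, @stripped only covers @log and @sessions, so customer and order rows stay in the dump unless @trade, @development or a custom group is stripped as well. The script below is an added example (not part of n98-magerun2 or the original article) that checks a finished dump for rows in the @customers, @quotes and @sales tables listed above. It assumes that the tables have no prefix and that stripped tables appear in the dump without INSERT statements; all function names are hypothetical.

```shell
# Added example: report personal-data tables that still have rows in a SQL dump.
# Patterns: the @customers, @quotes and @sales entries listed on this page.
# Assumption: the Magento tables carry no table prefix.
PII_PATTERNS='customer_address* customer_entity* customer_grid_flat customer_log
customer_visitor newsletter_subscriber product_alert* vault_payment_token* wishlist*
quote quote_* sales_order sales_order_address sales_order_aggregated_created
sales_order_aggregated_updated sales_order_grid sales_order_item sales_order_payment
sales_order_status_history sales_order_tax sales_order_tax_item sales_invoice
sales_invoice_* sales_invoiced_* sales_shipment sales_shipment_* sales_shipping_*
sales_creditmemo sales_creditmemo_* sales_recurring_* sales_refunded_* sales_payment_*
enterprise_sales_* enterprise_customer_sales_* sales_bestsellers_*
paypal_billing_agreement* paypal_payment_transaction paypal_settlement_report*'

# Names of tables with at least one row; mysqldump writes INSERT INTO `t` VALUES (...);
tables_with_data() {
  sed -n 's/^INSERT INTO `\([^`]*\)`.*/\1/p' "$1" | sort -u
}

# Tables with rows whose name matches one of PII_PATTERNS, one per line.
pii_tables_in_dump() (
  set -f  # keep the patterns literal; no expansion against file names
  tables_with_data "$1" | while IFS= read -r table; do
    for pattern in $PII_PATTERNS; do
      case "$table" in
        $pattern) printf '%s\n' "$table"; break ;;
      esac
    done
  done
)

# Returns 0 when the dump holds no personal-data rows, 1 otherwise.
check_dump() {
  found=$(pii_tables_in_dump "$1")
  [ -z "$found" ] && return 0
  printf 'personal-data rows found in:\n%s\n' "$found" >&2
  return 1
}

# Constructed sample: a dump in which customer and order rows were left in.
make_sample_dump() {
  cat > "$1" <<'SQL'
CREATE TABLE `customer_entity` (`entity_id` int, `email` varchar(255));
INSERT INTO `customer_entity` VALUES (1,'jane@example.com');
INSERT INTO `sales_order_address` VALUES (1,'555-0100');
INSERT INTO `catalog_product_entity` VALUES (1,'SKU-1');
CREATE TABLE `quote` (`entity_id` int);
SQL
}
```

Running check_dump on the dump file before it is copied off the server turns a forgotten --strip group into a failed step instead of a leaked file.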