Comparison of GDPR and Magento Modules

30.08.2018 Angelika Siczek

There is a chance that your Magento store is not yet ready for GDPR, if you are still not sure how to approach this problem, you’ve come to the right place. In this post, we compare the two robust extensions that allow the implementation of the GDPR in Magento created by Amasty and Aheadworks.


Below is a list of the basic functions of each of the mentioned Magento 2 GDPR extensions.


Personal data according to GDPR

Thanks to the module, your online store will be compliant with the latest GDPR regulations. The shop visitors have the opportunity to:

– access to your data and display it in PDF and XML format;

– validate of the use of data;

– consent to access and processing of data; or

– request the deletion of data.

Additionally, the Aheadworks Magento 2 GDPR module simplifies the management of huge databases containing customer information. It offers a user-friendly way to track customer consent to data processing and data removal requests.

Consent to the data protection policy

One of the most important aspects of GDPR is to allow customers to agree to a data protection policy on different websites. The Aheadworks Extension GDPR Magento 2 offers this possibility on the registration and payment page as well as via individual pop-ups.

Client access to personal data

Another important aspect of the GDPR is the possibility of access to personal data. Thanks to the Aheaworks Magento 2 GDPR extension, your customers will quickly get a copy via PDF or XML files. As a Magento administrator, you can get the necessary files in the backend section as well.

Improved client account

Customers not only receive a new registration form, but also an improved customer account. The plugin allows users to request access to their data and delete their accounts. Remember that deleting data leads to the removal of all incomplete orders and abandoned shopping carts. It should also be mentioned that the extension reduces the workload of the support department. Customer requests are downloaded directly from their accounts. Then you can quickly filter them out and properly handle them in the administration panel.

Checking e-mail and downloading data

It is also worth mentioning that the extension offers a secure verification mechanism that aims to protect customer data from fraudulent actions. As a store owner, you can filter out malicious requests via e-mail. Another significant function is related to data recovery. Thanks to the current API, you can effortlessly retrieve data from related third-party applications.

Convenient backend management

As a store administrator, you also receive several new mechanisms. There is a grid that allows you to track the consent of customers and export them as a list. In addition, you can process data access requests and delete them in a user-friendly manner. Everything is available in three independent sections: Compatibility, Data Access Requests, and Removal Requests.

The Aheadworks Magento 2 GDPR module enables:

– customer segmentation according to agreement conditions;

– management of requests for access to data and deletion of data;

– deleting selected customers.

High flexibility

The GDPR requirements are not eternal, so you should be ready to modify your store according to the new changes and rules. Thanks to the extension of Magento 2 GDPR by Aheadworks, you will not have to collect consent again. Instead, the module allows you to reset your current status with a single click and ask customers for permission to modify the modified version of the data protection rules. That way, you avoid the many headaches associated with all future updates of GDPR.

Amasty GDPR

Now let’s focus on what Amasty offers so that your store is right for GDPR standards.

Adaptable privacy policy

Amasty’s GDPR Magento 2 extension allows you to create multiple privacy policies depending on your business area, ensuring that your privacy policy complies with local requirements. In this way, you can ensure a policy suitable for GDPR for EU websites, while creating store views that do not support new regulations. You can use this module to create any number of versions and policy texts.

Advanced customer consent management

The module adds a dedicated checkbox to two areas of your e-commerce website – the registration form and the ordering process. Therefore, both new clients and guests can agree to the privacy policy. While Aheadworks offers pop-ups information for customers about the new privacy policy, Amasty allows you to create mailing lists and use them to send requests for consent or update policies in bulk. In addition, the collected consents can be used in remarketing campaigns, marketing automation, A / B tests, etc.

Convenient backend management

The Amasty Magento 2 GDPR product extension divides all clients into two groups. The first contains consent to the privacy policy. Second – without them. As a store administrator, you can send email requests to clients from the other network as well as export customer lists from both.

Removal request

The next grid provided by the module contains removal requests. As a Magento 2 administrator, you can decide whether to approve or reject such requests.

Extended client account

As for the customer’s account area, it contains three new options:

– Download personal data via CSV;

– Anonymous personal data;

– Request for deletion of personal data.

Note that data anonymization is represented only by the extension of Amasty’s Magento 2 GDPR product. Aheadworks does not provide any similar possibilities.


Now that you know the fundamental differences between the two significant GDPR extensions for Magento 2, we can examine them in detail, starting with the backend section.


The Magento 2 GDPR backend extension section from Aheadworks is user-friendly and intuitive.


The appropriate Aheadworks Magento 2 GDPR expansion configuration section is divided into two subsections: General and e-mail settings. The first one allows you to select the data protection policy page displayed to clients. In the e-mail settings, you can specify the sender, and select the templates to confirm the deletion and e-mail confirming access to the data. These are all configuration settings:


A network of consent permits allows you to view customers with the appropriate consent. You can display parameters such as customer ID, first and last name, e-mail address, website, date of last consent and the consent itself. You can delete clients one at a time or in bulk. In addition, it is possible to export the mesh in a CSV or XML file.

Data access requests

All data access requests are also collected in the grid. It displays the customer’s name and email address, request status and creation time, as well as solution time. The available actions allow you to change the status of the request for processing, cancellation or termination. In addition, it is possible to download data in a PDF or XML format for each request individually. Collective actions enable a collective change of states.

Removal requests

A similar grid is available for removal requests. It provides the ability to delete data by changing the status. If the administrator changes the status of the request to “Finish”, the personal data of the specific client will be deleted. Please note that this activity is not compromised and the status of the completed request cannot be changed.


Now let’s take a look at the Magento 2 GDPR extension section created by Amasty.


The configuration section of the GDPR Magento 2 module by Amasty is divided into two parts: Geo IP and GDPR data. The first allows you to download and import a Geo IP database to identify users’ locations. Then you can use this data to provide your clients with a local privacy policy.

The GDPR section itself is divided into the following tabs:

– Anonymization notifications;

– Notifications about account deletion;

– Reports to the deputies for consent;

– Privacy checkbox.

The first three tabs are used to configure e-mail notifications, specifying parameters such as the sender of the e-mail and the template of the e-mail. Then you can configure the Privacy Checkbox tab. This allows you to display the consent box for privacy policy only in EU countries, specifying the text displayed next to the checkbox and deciding whether to display the checkbox on the registration and transaction pages.

Privacy policy

As mentioned above, grid allows you to create and manage multiple privacy policies. The grid contains many columns carrying information about the policy creation date, version number, last editing time and author, comments, status, etc. You can always apply filters and sort to find the documentation you need. At the same time, it is possible to delete documents in bulk. The existing privacy policy can be displayed and modified here.

Customers who agreed

To simplify the management of customer consents, the Amasty Magento 2 GDPR product extension provides two separate networks for customers with and without an agreement. The first collects data about customers who have accepted the privacy policy. Shows the following customer data:

– Name;

– E-mail;

– Date of consent;

– A version of the agreed policy.

The grid provides the ability to send requests for approval of the new version of the rules for selected clients in bulk.

Customers without any consent

Another network simplifying the management of consents are Customers without the consent. Displays customer names, e-mail addresses, and country. The network offers the same possibility: you can ask customers to accept their privacy policy by sending emails.

Customers expect an e-mail queue

Another complementary grid is the queue of e-mails for customers. Here you can check the status of sent e-mails.

Removal request

The Amasty Magento 2 GDPR extension provides an intuitive way to manage removal requests that are also collected in the system. You can see the date of the application, the customer’s name and e-mail address as well as the number of completed and pending orders. The module then allows you to approve or reject bulk account deletion requests as shown below:

Logs of action

To improve the monitoring of customer activities, the module provides an action log grid. It covers the entire activity of visitors to your website related to GDPR. The grid shows the customer ID, name and IP address, as well as the action and its date. Anonymous users are encrypted.

As you can see, Amasty provides a more complex backend section with many additional grids, which simplify the back-office processes associated with the GDPR management. Let’s go to the frontend section of each module.


Below we compare how both GDPR 2 extensions change the look of your store according to the new requirements.



The Magento 2 GDPR extension by Aheadworks extends the default registration form with a checkbox. When registering on the site, the user can read the privacy policy he offers by clicking the link next to the checkbox. Please note that you can not create a new account until you agree to the processing of personal data.

The order process

As for guests, they will receive a pop-up window asking them to confirm the privacy policy on the checkout page. They can go to the site with the terms of the privacy policy and then agree to these terms, reject them or postpone the consent provisions. No order will be placed if the user rejects the new rules.

Popup for current customers

Please note that previously registered users will be asked to agree to a dedicated pop-up window immediately after logging in.

Customer account

The extension adds an additional card to the customer’s account. In this way, registered customers can request access to data and delete data or delete their account in the “Account information” section.


Amasty offers similar possibilities. Let’s take a look at the same sections.


The module also adds a checkbox and a link to private police to the registration form.

The order process

Alternatively, the privacy policy can be accepted on the ordering page. To view the privacy policy document, the customer should click the “privacy policy” link next to the checkbox.

Customer account

The module extends the area of customer accounts with a new section – Privacy settings. It provides customers with the possibility of:

– downloading personal data via CSV;

– anonymization of personal data;

– sending a request to delete an account.


The critical difference between these two modules is the anonymization of personal data. Amasty enables customers to change the way information is displayed. The extension replaces the contact and address data of the client with a random symbol sequence. The same sequence is displayed in the back office section of the store.



Confirmation email and notifications



Many privacy policies


Geo IP function


E-mails with consent requests


Data removal request



Actions-taken logs


Extensive registration page



Extensive ordering process



Query popup


Client’s account:

Data request



Removal request



Account removal request








As can be noticed, both extensions have the same price. 200 USD is quite an affordable price when you want your e-commerce store to be compatible with GDPR. Writing an analogous proprietary solution is over 80 hours of programmer’s work. If you want a more simple and intuitive tool, choose GDPR for Magento 2 created by Aheadworks. If you need additional features and extra backend control, the Amasty Magento 2 GDPR extension will be a better choice.

Have a question?

Write to us

    PDF, DOC, DOCX, JPG lub PNG (max 5MB)



    Andrzej Szylar

    Chief Executive Officer


    Magdalena Paczyńska-Kamienik

    HR Manager


    Aleksandra Bielawska-Clegg

    HR Business Partner



    Michał Duława

    New Business Developer



    Katarzyna Zajchowska

    Marketing Partner