GDPR

v1.1.9 Annual Subscription Updated Jun 5, 2026

GDPR

Module GDPR / Cookie Consent pour Magento 2 et MageOS. Conforme au RGPD europeen, ce module fournit une banniere de consentement aux cookies entierement…
Hyvä Compatible Magento 2.4.4 Magento 2.4.5 Magento 2.4.6 Magento 2.4.7 Mage-OS 2.0 Mage-OS 2.1
€99.00
Try the live demo
  • Updates and support included for 12 months
  • License key delivered immediately by email
  • 30-day money-back guarantee
  • Full documentation included
  • Compatible with Hyvä themes
  • Composer-ready installation

GDPR / Cookie Consent

Stay compliant with European GDPR and the 2024 Google Consent Mode v2 requirement without bolting on a third-party SaaS banner. This module gives your Magento or Mage-OS store a fully configurable cookie consent banner, a granular per-category opt-in, a consent log for audit, and a native customer privacy area — all hosted on your own infrastructure.

The banner is built to convert: bar or modal layout, optional wall mode that blocks scrolling until consent is given, geo-targeting that only shows it to visitors who actually need to see it, and a sticky floating settings button so customers can change their mind without hunting for it.

Who it's for

  • B2B and B2C merchants selling in the EEA, UK or Switzerland, where GDPR and ePrivacy enforcement is real
  • Stores running Google Ads remarketing or GA4 — mandatory since March 2024 to implement Consent Mode v2
  • Merchants who want a privacy stack they own (no monthly SaaS fee, no data leaving their servers)

Key benefits

  • Compliant by default — four granular cookie categories (necessary, analytics, marketing, functional) with per-category opt-in, exactly as required by the CNIL, ICO and EDPB guidelines.
  • Google Consent Mode v2 nativeanalytics_storage, ad_storage, ad_user_data and ad_personalization signals managed automatically. Works with GTM container ID or GA4 measurement ID.
  • Conversion-friendly banner — bar (top/bottom) or modal layout, optional wall mode, configurable overlay, your own primary color, fully editable texts per store view.
  • Geo-targeting — show the banner only to EEA/UK/Swiss visitors using CloudFlare CF-IPCountry (free, recommended), a HTTP API fallback, or Magento's GeoIP. Whitelist or blacklist modes.
  • Consent log — every consent decision is stored with timestamp and source, viewable as an admin grid with export. Dashboard widget shows acceptance stats.
  • Customer privacy area — logged-in customers get a /gdpr/account/privacy page to review their data, request export or request account deletion.
  • Hyvä, Breeze and Luma — Alpine.js component for Hyvä loaded synchronously to avoid race conditions; bundled JS for Breeze; standard JS for Luma. Theme is auto-detected.

Compatibility

  • Magento 2.4.x / Mage-OS equivalent
  • PHP 8.1, 8.2, 8.3
  • Requires wimakeit/module-core 3.0.9 or later
  • Works with Hyvä, Breeze and Luma frontends
  • i18n bundled: English, French, Dutch

Install this module via Composer. Make sure your auth.json is configured with your Wimakeit credentials.

Terminal 
$ composer require wimakeit/module-gdpr:^1.1.9
$ bin/magento setup:upgrade
$ bin/magento setup:di:compile

Installation notes

The standard composer require + setup:upgrade + setup:di:compile flow applies. The points below cover what's specific to this module.

Required dependency

This module requires wimakeit/module-core 3.0.9 or later. Composer will pull it automatically from the Wimakeit registry as long as the registry is declared in your project's composer.json.

ACL permissions

After installation, one ACL resource is registered under System → Permissions → User Roles:

ResourceDefault
Wimakeit_Gdpr::config (edit module configuration)granted to Administrator role only

Configuration

The module ships with safe production defaults. Go to Stores → Configuration → Wimakeit → GDPR / Cookie Consent only if you want to change them.

General settings

SettingDefault
Enable Cookie ConsentYes
Banner Typebar (alt: modal)
Banner Positionbottom (alt: top)
Show on First VisitYes
Consent Lifetime (days)365
Show Floating Settings ButtonYes
Enable Debug LoggingNo — leave off in production

Cookie categories (default consent)

SettingDefault
NecessaryOn — always enabled, not toggleable
Analytics CookiesOff (denied until consent)
Marketing CookiesOff (denied until consent)
Functional CookiesOff (denied until consent)

Google Consent Mode v2

SettingDefault
Enable Google Consent Mode v2Yes
Default analytics_storagedenied
Default ad_storagedenied
Default ad_user_datadenied
Default ad_personalizationdenied
GTM Container ID(empty)
GA4 Measurement ID(empty)

Banner texts

SettingDefault
Banner Title"Cookie settings"
Banner Description"We use cookies to improve your experience…"
Accept All Button"Accept all"
Reject All Button"Reject all"
Save Preferences Button"Save preferences"
Privacy Policy URLprivacy-policy

Appearance

SettingDefault
Primary Color#ef6f14
Show Background OverlayYes
Wall Mode (block scroll)No

Geo-Targeting

SettingDefault
Enable Geo-TargetingNo
Modewhitelist (alt: blacklist)
CountriesEEA + UK + NO + IS + LI + CH (pre-filled)
Detection Methodcloudflare (alt: HTTP API, Magento GeoIP)

Cookie scanner

SettingDefault
Known Cookies DefinitionPre-filled JSON for GA, GA4, Facebook Pixel, HubSpot, Hotjar, Tawk, Intercom, Crisp, Magento, PHP, WiMakeIT

Cron jobs (registered automatically)

JobSchedule
wimakeit_gdpr_purge_old_logs (purge consent logs past retention)weekly, Sunday at 3 AM

No setup needed — just make sure Magento cron is running.

Geo-targeting with CloudFlare

If you use CloudFlare in front of Magento, the recommended detection method is cloudflare. It reads the CF-IPCountry request header that CloudFlare injects on every request — free, accurate, no external call. Make sure IP Geolocation is enabled in your CloudFlare dashboard (Network → IP Geolocation).

Version
v1.1.9
License
Annual Subscription
Support
12 months
Last updated
Jun 5, 2026
Magento
Magento 2.4.4 Magento 2.4.5 Magento 2.4.6 Magento 2.4.7 Mage-OS 2.0 Mage-OS 2.1
PHP
PHP 8.1 PHP 8.2 PHP 8.3
Hyvä
Compatible
Package
wimakeit/module-gdpr

Compatibility checker

Pick your stack to see if this module fits.

Compatibility 4

Yes. GDPR is tested against Magento Open Source 2.4.4 → 2.4.7, Adobe Commerce on the same line, and Mage-OS 2.0+ — on PHP 8.1, 8.2 and 8.3. The Specifications tab lists the exact tested combinations. If your stack is in the list, we guarantee a clean install. Wimakeit is an Adobe-certified Magento agency based in Presles (Charleroi / Namur region), Wallonia, Belgium and runs every module against the same matrix we ship to enterprise clients across Belgium, France and the Netherlands.
Yes — fully. GDPR ships a native Hyvä-compatible frontend (Tailwind + Alpine.js) and integrates with Hyvä Checkout when applicable. No companion fallback module needed. Every Hyvä-marked module is built and maintained by the same Wimakeit team that ships Hyvä builds for production stores.
Hyvä Storefront (Tailwind + Alpine.js, server-rendered) and Hyvä Checkout (React-based, headless on top of Magento) are two distinct packages. GDPR ships native Hyvä Storefront compatibility — its frontend is rendered through Hyvä templates with no Luma fallback. Hyvä Checkout integration is delivered when the module has a checkout-step touchpoint (custom payment input, terms checkbox, etc.); otherwise the module runs server-side without any Hyvä Checkout customisation needed. See the Specifications tab for the exact Hyvä integration scope of this module.
Yes. GDPR respects the standard Magento scope (default / website / store / store_view). Every configuration is overridable per store view. Frontend labels use Magento's standard translation files — shipped in French, English and Dutch out of the box. Currencies follow your Magento currency setup with no extra wiring. A typical Wimakeit Magento store runs an fr_BE / nl_BE / en_GB triplet from a single backend — GDPR is ready for this B2B / international setup.

Pricing & licensing 4

€99 — one-time payment, perpetual licence, no recurring fees. Includes 1 year of minor updates + email support in French, English and Dutch, 1 production domain + 1 staging/dev domain. Renewing the support window after year 1 is optional. Volume licences are negotiated directly — write to contact@wimakeit.com for agency or multi-store pricing.
Yes. GDPR has a live demo on demo.wimakeit.be/module-gdpr where you can poke around the admin and frontend with a real install pre-populated with sample data. For longer evaluations, request an evaluation licence via our contact form — evaluations cover the same scope as the paid licence and convert to a permanent key on purchase.
We review refund requests case by case. If the module doesn't deliver what was advertised, email contact@wimakeit.com from the address tied to your licence. The refund policy is published on the terms page and applies to every module sold through this marketplace.
GDPR is distributed under a commercial proprietary licence — not MIT, GPL or any other open-source licence. The PHP source ships in vendor/wimakeit/ once you composer require the package, so you can read it, audit it, and patch it locally for your own Magento install. You may NOT redistribute it, sublicense it, publish it on a public package registry, or sell it on. One licence = one production domain + one staging/dev domain (see terms for the full EULA). Wimakeit modules are NOT part of Magento's open-source repository on packagist.org — they are distributed exclusively via the private Composer registry packages.wimakeit.be.

Installation & updates 6

Run composer require wimakeit/module-gdpr:^1.1.7, then bin/magento setup:upgrade, bin/magento setup:di:compile, and finally bin/magento cache:flush. The Installation tab on this page lists every configuration step (ACLs, cron jobs, default values) so a deploy takes minutes, not hours. If you need a hand, Wimakeit offers Magento installation services from our Wallonian office (Presles, between Charleroi and Namur).
Step 1: get a token on packages.wimakeit.be → My account → Tokens. Step 2: at the root of your project add to auth.json: {"http-basic": {"packages.wimakeit.be": {"username": "YOUR-EMAIL", "password": "YOUR-TOKEN"}}}. Step 3: register the repo: composer config repositories.wimakeit composer https://packages.wimakeit.be. Step 4: composer require wimakeit/module-gdpr:^1.1.7. In CI/CD pipelines, inject COMPOSER_AUTH as a JSON env var instead of committing auth.json.
Most merchants are live within 30 minutes: composer install (1-2 min) → setup:upgrade + di:compile (5-10 min depending on stack size) → admin configuration (5-15 min following the Installation tab) → smoke test on a product or order. Allow extra time if you have a custom theme overriding similar templates. The Wimakeit team has shipped this exact module to B2B and DTC stores across Belgium.
GDPR is built for Magento 2.4.x / Mage-OS 2.0+ and has no Magento 1 equivalent. When migrating from Magento 1, the Wimakeit team handles the audit, the data migration and the integration of GDPR into the new backend as part of a Magento migration project. Migrating from Adobe Commerce to Mage-OS is transparent for GDPR: same composer require, same module code, same database schema — no fork to maintain, no licence change.
Updates ship through your composer dependency (this exact package), hosted on Wimakeit's private Composer repository at packages.wimakeit.be. Each release is announced on the Changelog tab + the Wimakeit news and follows semantic versioning — composer update is safe within a major.
All .phtml templates are overridable from your theme: copy the file into app/design/frontend/{YourVendor}/{theme}/Wimakeit_{Module}/templates/ keeping the same relative path. Blocks, ViewModels and Helpers are overridable via DI preference in your own custom module — declare <preference for="Wimakeit\…\OriginalClass" type="YourVendor\Override\Class" /> in etc/di.xml. Layout XML is extended (preferred) or overridden the standard Magento way. Wimakeit modules never use the final keyword on classes you might reasonably want to override — overriding is a first-class scenario, not a hack.

Support & security 3

Open a ticket through the contact form on wimakeit.be or email contact@wimakeit.com with the module name, version, Magento/Mage-OS version and the steps to reproduce. Fixes ship in the next patch release. Wimakeit support is staffed in French, English and Dutch on business days (CET working hours).
Send security reports privately to contact@wimakeit.com with a clear [SECURITY] subject prefix — please include the module name, version and the steps to reproduce. We acknowledge promptly on business days and credit reporters in the Changelog if they wish. Wimakeit is a Belgian SRL (société à responsabilité limitée) bound by Belgian and EU privacy and disclosure law.
Yes. GDPR stores only the data its feature scope requires, never tracks shoppers across sites, and ships zero third-party calls by default. Combine it with the Wimakeit GDPR module to publish cookie banners and data-subject request forms compliant with Belgian, French and Dutch DPA guidance. Wimakeit's EU-based hosting partners (OVH Roubaix / Gravelines, Cblue Gembloux) keep every customer's data inside the EU.

About Wimakeit 1

Wimakeit is an Adobe-certified Magento partner agency based in Presles, Wallonia (between Charleroi and Namur), Belgium, building Magento and Mage-OS stores since 2020 across BE / FR / NL. Every module on this marketplace runs in production on at least one Wimakeit client (we eat our own dog food). Direct line to the developers who built the code, multilingual support (FR / EN / NL), CET business hours, no offshore handoff. See our portfolio for the kind of Magento builds we ship.

Found something not covered by the FAQ?

Report a bug or ask a question — the form is prefilled with this module.

Report a bug

Changelog

Categories: Security, Feature, Fix, Perf, Admin, Deps.

[1.1.7] - 2026-05-12

Admin

  • Admin dashboard widget code extracted to companion module wimakeit/module-gdpr-admin-dashboard. The main module is now installable on stores that don't use wimakeit/module-admin-dashboard.

Deps

  • To keep the GDPR compliance widget on the admin dashboard, install wimakeit/module-gdpr-admin-dashboard alongside this module.

[1.1.6] - 2026-05-10

Feature

  • New Enable Debug Logging toggle (Stores → Configuration → Wimakeit → GDPR → General), off by default. Delete-request controller and country resolver emit info/debug/notice/warning only when the toggle is on; error/critical always log.

Perf

  • Production stores stop emitting trace lines from the consent/delete flows into var/log/system.log once the toggle is left off.

Deps

  • Requires wimakeit/module-core 3.0.9+ for the shared debug logger virtual type.

[1.1.5] - 2026-05-08

Admin

  • New Wimakeit → GDPR → Settings menu shortcut that opens directly on the wimakeit_gdpr configuration section. The rich GDPR menu under Marketing is preserved.
  • New Wimakeit_Gdpr::config ACL resource so the Settings entry can be granted independently of code edits.

[1.1.4] - 2026-04-29

Deps

  • Certified PHP 8.1 → 8.3 support. Composer php constraint tightened to >=8.1 <8.4.

[1.1.3] - 2026-04-21

Fix

  • Banner no longer throws Alpine Expression Error: wmGdprConsent is not defined on Luma when defer and dynamic Alpine injection raced. cookie-consent.js is now loaded synchronously so the global is defined before Alpine evaluates x-data.

[1.1.2] - 2026-04-21

Feature

  • Self-registering admin dashboard widget — when wimakeit/module-admin-dashboard is installed, the GDPR module exposes a compliance-status widget without any glue code.

Admin

  • Internal release pipeline standardized (validate, tag, deploy, release stages).

[1.1.1] - 2026-04-20

Fix

  • Settings-button icon no longer rendered at 0×0 on Luma themes that leak global button padding — explicit inner SVG size and reset padding restore the icon.
  • Banner action buttons (Accept all / Reject all / Save preferences) now share a uniform height/border-radius and flex: 1 1 140px, so long French labels like "Enregistrer mes choix" no longer spill past the border.
  • Dark-mode settings-button stroke recoloured from #888 to #ccc for legible contrast on the dark banner background.

[1.1.0] - 2026-04-20

Feature

  • Alpine.js is now bundled for Luma themes (Alpine v3.14.8 standalone). Hyvä and Breeze keep using their own Alpine since they already load it. The banner injects Alpine before cookie-consent.js when window.Alpine is missing, so x-data / x-cloak / :class directives actually process.
  • Banner texts are now translated. Admin defaults (Accept all, Reject all, banner title and description) are piped through __() so the FR/EN/NL i18n/*.csv translations apply.
  • Cookie list filters to actually-present cookies. The banner renders only cookies actually set in document.cookie (wildcard match) instead of every cookie declared in the registry.

[1.0.1] - 2026-04-14

Admin

  • Cron and config classes migrated to the shared AbstractCron / AbstractConfig bases from wimakeit/module-core — consistent logging and typed getters across all Wimakeit modules.
  • Composer/Satis distribution archives now exclude internal files (.gitlab-ci.yml, .claude/, docs/, .gitattributes).

Deps

  • Depends on wimakeit/module-core for shared cron and config abstractions.

[1.0.0] - 2026-04-13

Feature

  • Initial release of Wimakeit GDPR — cookie consent and privacy module for Magento 2 / Mage-OS.
  • Cookie consent banner powered by Alpine.js, compatible with Luma, Breeze and Hyvä.
  • Admin consent log grid with CSV export — every accept/reject/save is recorded with timestamp, IP (hashed), user-agent and cookie choices.
  • Customer privacy page — data export and account-deletion request flow, ready for the "right to be forgotten" and "right to data portability" obligations.
  • GeoIP country detection drives consent rules (e.g. apply EU consent flow only to EU visitors).
  • Cron purge of old consent log entries based on a configurable retention period.
  • Built-in translations for French, English and Dutch (fr_FR, en_US, nl_NL).

Found a bug? Tell us about it.

A short form opens in a new tab — the module name and your language are already filled in. Share what you tried, what went wrong, and we will get back to you within one business day.

Report a bug for GDPR
Module SKU: wimakeit-module-gdpr · Language: en_US

Need help?

Our team is available to assist with integration.

Contact us
Planifier un appel