GDPR for osCommerce – part 1 – Data privacy

multimixer | work | Wednesday July 4 2018

The General Data Protection Regulation (GDPR) – Datenschutz-Grundverordnung (DSGVO) in German – is a regulation in EU law on data protection and privacy for all individuals within the European Union (read more here and here)

This post introduce a set of osCommerce modules that cover the GDPR obligations of:

1) Right of access: It gives citizens the right to access their personal data and information about how this personal data is being processed. A data controller must provide, upon request, an overview of the categories of data that are being processed as well as a copy of the actual data

2) Right to erasure: The data subject has the right to request erasure of personal data related to them

In simple terms, the set of modules being introduced here will allow your customers to:

  • see what data you have stored about them
  • download that data
  • edit parts of that data
  • delete parts of that data

Customers are ale to delete and edit anything but their orders, that you are obligated to keep for fiscal reasons

The set of modules create a new page called “account privacy” and a link to it on the accounts overview page. You can of course add more links to the account privacy page anywhere on your store.

gdpr oscommerce account page

The account privacy page, display all GDPR modules that you have installed in admin.

gdpr oscommerce account privacy pageEach module contain a section of the customers data stored on the website. Modules display “collapsed” in order to have a better overview. Displaying all data at once could be confusing for store visitors and cause a lot of scrolling on mobile devices. The visible heading part of each module, display its title and 2 buttons.

  • the “show” button expands the details on screen
  • the “download” button allow customers to download the data of the corresponding module.

The “account data” module display the basic account data of the customer, like name, email, address, the date the account was created, number of logons etc. It also display any recorded actions of the “action recorder” modules that are included in osCommerce by default.

gdpr oscommerce account moduleCustomer can delete their account by pressing the “delete” button. In order to prevent accidetial deletion, customers have to confirm the action, since it can’t be undone.

gdpr oscommerce delete accountThe “address book” module display the main and any additional addresses the customer may have stored. Each address can be edited and each address – beside the main address – can be deleted on this page

gdpr oscommerce addresses moduleThe “subscriptions” module display the subscription status to newsletters and global product notiofications and create a list of products your customer has subscribed for, in order to receive individual product notifications and updates.

The customer can easily subscribe / unsubscribe to newsletters and global product notifications and easily remove any individual product notifications.

gdpr oscommerce subscriptions module

Its worth to mention that all actions are performed via ajax calls, that mean without page reloads that improve the customer experience specially on mobile devices

The “cookies” module display all cookies that the website stores on customers device. In admin, you can set the cookies that are essential for the store operation, like the “osCsid”, that is the session ID cookie. You can also add a optional description to each cookie to make clear what it is good for.

Your customers vcan delete any cookie by pressing the delete button

gdpr oscommerce cookies moduleThe “product reviews” module display all reviews the customer has submitted, regardless their status (you can turn the status of reviews on or off in admin and make them visible to public or not)

Your customer can either delete a review or “anonymize” it. The “anonymize” function replace characters of the customers name with asterisks (*)

gdpr oscommerce reviews moduleThe “orders” module display all customers orders. Orders do not really belong to personal data protected by GDPR, but I believe its a good idea to have that information on this page. Its is up to you to install the module in admin or not.

gdpr oscommerce ordersThe module display a list of all orders. The customer can see the details of each order by pressing the “show details” button. Order details are shown without any page reload.

gdpr oscommerce order detailsThe details page display shipping and payment details, a list of the ordered products and the complete order history.

Orders can’t be deleted by the customer, the store has to keep order records or fiscal reasons

The “shopping cart” module display the contents of the customers cart. While this also doesn’t belong to data protected by GDPR, its good to have the option to display it on this page, you can decide your self if you want to show the module or not.

gdpr oscommerce cart

The customer can remove items from the shopping cart, the action is performed without any page reload

GDPR compliance is required for all websites and online stores, doesn’t matter if you are located in the European Union or not. The moment your online store is accessible by European Union citizens and you have customers that are European Union residents, you have to adapt, fines can be very high from what I’m reading.

In case you don’t have already an other solution and want to have that modules for your store, please get in touch.

You can also checkout part 2 about collecting customers consent

Click +1 to recommend this to your friends when they search.


follow multimixer on Twitter

Follow me on twitter. I'm not tweeting all day long and guaranteed no spam and no advertising.

If you like what you read and if you think it will help you in your online business, then please consider a donation.

There is no obligation to do so and all information provided here is free to use.

It will however help to keep this blog alive, free of advertising and full of content.

  • fabbea 31/07/2018 at 10:00


    where can we find the set of modules for gdpr compliance ?


    • multimixer 31/07/2018 at 11:35


      Thank you for your comment

      The GDPR modules are available upon request, I’ve sent you an email with details


  • Irena 25/09/2018 at 23:13

    Hello, can i get the gdprs moduls?

    will be greatfude to have .
    Nice day

  • multimixer 26/09/2018 at 08:45

    Hello Irena

    The osCommerce version you are using is too old unfortunately and the set of GDPR modules would not work on it


  • Anthony Azzopardi 27/03/2019 at 12:21


    Can you send me the GDPR module. I never installed any modules on osCommerce so I would need full instructions.

    Thank you,

    • multimixer 27/03/2019 at 14:59

      Hello Anthony

      The modules are available at a cost

      I’ll send you details by email