This documentation is not using the current rendering mechanism and is probably outdated. The extension maintainer should switch to the new system. Details on how to use the rendering mechanism can be found here.


This chapter lists all features of the GDPR extension.

Working with personal data

The extension makes it possible to exclude any record by activating a checkbox. After that, the record won’t be accessible and available anymore, no matter if backend or frontend, editor or admin.


A new administration module gives editors the possibility to handle those flagged records and react with one of the following options:

  • Completely remove the record from the database
  • Reactivate the record
  • Randomize content of the record [see Randomization](


Every action regarding those flags is logged in a central place.


Randomization is a good way to remove the private data from a record and still be able to use the rest o the record.


A user wants his orders to be removed. After randomization the private data is removed but it is still possible to generate statistics from the order, e.g. orders from a country.

By providing a mapping per table, is possible to exchange the data with dummy information which looks still ok and can be used in exports. An example would be:

[usernname] => martens.conny
[email] =>
[password] => 94n3ifyp($+%u#
[zip] => 33781
[address] => Hans-Jürgen-Sauer-Weg 21 86788 Oberursel (Taunus)
[city] => Pfungstadt
[first_name] => Miriam
[last_name] => Sander
[telephone] => +8747861395322
[fax] => +5484337015644



Using a CLI command

By using a CLI command, all data with a specific age can be randomized: ./web/typo3/sysext/core/bin/typo3 gdpr:randomize

Result can look like this:

Randomize data

Starting with table "be_users"

 // Randomization skipped as not enabled!

Starting with table "fe_users"

 // find all fields where value of field "tstamp" is older than 360 days

 [OK] 3 records randomized

Improved privacy for embedded videos

Before videos from the platforms YouTube and Vimeo are actually loaded, the user is asked for consent. This improves the privacy and as an additional benefit also the loading time.

Form overview

Overview over all forms


If supported, also the count of mail log and preview is shown


Each form must be checked if it complies with the GDPR. This can’t be done by the extension but it can help to ease the workflow.


  • Listing of all forms, generated by the most popular form extensions form, powermail & formhandler:
  • Provide a state to know which forms have already been checked and which need to be done.

Report module

A report shows a short information about potential actions.



See and filter any action of GDPR related actions