How does FlexPortals support GDPR-compliant operation?
FlexPortals provides multiple technical and operational features supporting GDPR-related requirements, including:
- role-based access control (RBAC)
- configurable field and function visibility
- detailed system and user activity logging
- audit trail and full traceability
- change tracking
- incident handling and notification procedures
- technical support for data subject rights
- export, correction, deletion and anonymization support
- separated development, test and production environments
- masked data usage in test environments
- encrypted data transfer
- documented update and hotfix procedures
- backup and restore processes in provider-hosted environments
The system supports the principle of data minimization: users can only access the data and functions required for their responsibilities.
When using FlexPortals, the Customer typically acts as the data controller, while the Provider acts as the data processor. The Customer determines the legal basis, retention periods and purposes of processing.
In case of an incident, the platform supports investigation, documentation and traceability while providing the Customer with the necessary technical logs and operational information.