There are two paths how onePortal™ Trivore Identity Service (TIS) obeys the EU GDPR. First option below is the basic option, and always included in onePortal™TIS. Second option requires more planning, as it is normally an organisation wide solution.
It is possible for user accounts to view own data on a self-service web user interface in human readable way (article 15), and it is possible on a self-service web user interface to download all personal data as a machine-readable JSON file (article 20).
It is possible to use onePortal™ TIS as a general company wide MyData Solution to deliver PII Personal Identifiable Information from many back-end systems to those user accounts registered in onePortal™TIS. This MyData Solution is an example of an Integrated onePortal™ Applicationapplication integrated to TIS. It is very flexible, and can fetch data from any number of organisation back-end systems, be it legacy, or more modern. It can also present the data on onePortal™TIS, make it downloadable on onePortal™, and make it available over REST end-points to a custom made external website or application.
The first one is always part of onePortal™TIS. The second one requires integration to back-end systems, and is available on request.
The following image shows the common GDPR processes. For completeness sake, this image includes back-end systems and auxiliary MyData related files, which do not exist in pure onePortal™TIS-only solution.
The following image shows the full architecture of option 2 with data flows. It includes Trivore Integration Platform, which integrates to onePortal™TIS, but which is not part of all onePortal™ TIS deployments. It is rather comprehensive.
...