There are two paths how onePortal™ obeys the EU GDPR. First option below is the basic option, and always included in onePortal™. Second option requires more planning, as it is normally an organisation wide solution.
It is possible for user accounts to view own data on a self-service web user interface in human readable way (article 15), and it is possible on a self-service web user interface to download all personal data as a machine-readable JSON file (article 20).
It is possible to use onePortal™ as a general company wide MyData Solution to deliver PII from many back-end systems to those user accounts registered in onePortal™. This MyData Solution is an example of an Integrated onePortal™ Application. It is very flexible, and can fetch data from any number of organisation back-end systems, be it legacy, or more modern. It can also present the data on onePortal™, make it downloadable on onePortal™, and make it available over REST end-points to a custom made external website or application.
The first one is always part of onePortal™. The second one requires integration to back-end systems, and is available on request.
The following image shows the common GDPR processes. For completeness sake, this image includes back-end systems and auxiliary MyData related files, which do not exist in pure onePortal™-only solution.
The following image shows the full architecture of option 2 with data flows. It includes Trivore Integration Platform, which integrates to onePortal™, but which is not part of all onePortal™ deployments. It is rather comprehensive.
