GDPR Support in Platform

Introduction

If there is one thing that guarantees the security of sensitive user data, it is the General Data Protection Regulation (GDPR), whose announcement caused a stir not only in Europe but throughout the world. Approved by the European Parliament in April 2016, the GDPR introduced a number of major changes to the way organizations can store and utilize customer data, with heavy penalties hanging over anyone who doesn't take the new regulations seriously.

Under the new GDPR regulations, citizens in the European Union have much greater control over their personal data. The new laws focus on privacy and consent, giving customers every right to know when and how their data is being used, and even when it has been compromised. These days, almost every service provider uses online data in one form or another, including banks, government agencies, retailers, and employees, as well as online giants like Facebook or Google. Crucially, customers even have the "right to be forgotten" and can withdraw consent to use their data at any time.

In accordance with EU Regulation 2016/679 on data protection (GDPR), the platform adopted the necessary requirements in the design and development of its software to guarantee the privacy and protection of the user's personal data in any possible scenario. Users will have their personal data secured and protected. They will be able to define restrictions on their information and how it may be used, with the rights established in the GDPR guaranteed at all times.

These are the main changes introduced by the new regulation relative to the regime of Organic Law 15/1999, of December 13, on the Protection of Personal Data (LOPD).

PRINCIPLE OF RESPONSIBILITY (ACCOUNTABILITY)

Onesait Platform implements mechanisms and adopts the necessary measures for the processing of personal data as required by the standard, complying with:

  • Responsibility.

  • Accountability.

PRINCIPLES OF PROTECTION

From the beginning of Onesait Platform, the design focused on full compliance with the standard, adopting the necessary measures in all processes that involve data processing, as a rule and from the source. The platform provides authentication, authorization (by roles) and encryption (encrypted information) mechanisms, both in the transfer of information from systems and devices to the platform, and in the consumption of stored information. This guarantees the confidentiality and integrity of the stored information, complying at all times with:

  • Data protection by design and by default.

  • Anonymization.

TRANSPARENCY PRINCIPLE

Onesait Platform is completely transparent, both in terms of architecture and data management. The platform is an open-source solution, with the Onesait Platform Community version available on GitHub. Onesait Platform provides for the following at all times:

  • Right of access.

  • Right to erasure.

  • Records of processing activities.

  • Enables the existence of a data protection officer.

The user will have the possibility to manage both her profile and all her information, from the ControlPanel, maintaining a principle of complete transparency and privacy for the user.

Registration and privacy options

To register an account in the system, users must accept the terms and conditions for using the platform.

Users are informed about the use of their data, their rights in accordance with the GDPR, and how to exercise them (contact information). After that, using only the credentials (user/password), a user can access her personal platform account.

The user can edit or delete her profile directly in the application (by clicking on the username in the top bar) or by sending an email to the contact details provided in the terms and conditions (for example, if she has forgotten the password). In the second case, the administrator will ask some security questions to validate the credentials, such as email, registration date, operations performed, etc.

Once the user has deleted her account, all user information is also deleted if the user marked it as "private". If the information (ontologies) was verified as "public", that information will remain.

The user can define the privacy options in accordance with the GDPR:

  • Forget my data: The user can delete any information contained in the ontologies that she has.

  • Revoke consent: The user can revoke any previously given consent.

  • View my data: The user can consult her data stored in ontologies of which she is the owner.

  • Forget me: The user can delete her profile, deleting all the information.