8.1.1 Security & Compliance — Data Protection — GDPR Overview
The platform is designed to support compliance with the General Data Protection Regulation (GDPR) by embedding data protection principles into architecture, processes, and features. Responsibility is shared: the platform provides compliant tooling, while tenants act as data controllers for their content and users.
Roles and Responsibilities
Under GDPR, roles are clearly delineated.
Role definitions:
Tenants act as data controllers
The platform acts as a data processor
Subprocessors may be involved for specific services
Responsibilities are enforced contractually and technically.
Lawful Basis and Purpose Limitation
Personal data processing is tied to explicit purposes defined by tenants.
Supported lawful bases:
Contractual necessity
Legal obligation
Legitimate interest where applicable
Data is not repurposed beyond its defined scope.
Data Minimization
The platform encourages collecting only the personal data that is necessary.
Minimization practices:
Optional fields by default
Explicit schema definitions
No hidden data capture
Transparency and Access
Tenants can provide transparency to data subjects through access and export mechanisms.
Supported rights:
Right of access
Right to data portability
Right to rectification
Data Subject Rights Handling
The platform provides tools to support GDPR rights requests.
Rights supported:
Access and export
Rectification
Erasure where applicable
Restriction of processing
Execution remains under tenant control.
Data Retention and Deletion
Retention policies can be defined per data category. Deletion is deterministic and logged.
Retention guarantees:
No silent retention
Predictable expiration
Audit-friendly deletion
Security by Design
Technical and organizational measures are applied by default.
Security measures:
Encryption at rest and in transit
Access control and audit logging
Isolation between tenants
Breach Management
The platform supports detection and response to personal data breaches.
Breach support:
Audit trails
Incident investigation tooling
Timely notification support
Documentation and Accountability
Compliance-related actions are logged to support accountability and audits.
Disclaimer
This overview is informational and does not constitute legal advice. Tenants remain responsible for ensuring their own GDPR compliance.