GDPR posture
EnfinitOS keeps GDPR Article 15 and Article 17 endpoints + the consent register as first-class platform surfaces — every request is signed, dated, and audit-anchored. Erasure requests that conflict with a legal-basis hold (ongoing audit, regulatory retention) are surfaced as BLOCKED so the operator can route them through legal review before responding to the subject.
Data subject access requests (DSAR)
A subject (or a regulator acting on their behalf) asks for every record EnfinitOS holds on them. The platform produces a signed export within the GDPR-mandated 30-day window.
Data subject access request
File a request on behalf of a subject. The platform produces a signed export by the due date.
Recent DSAR requests
Loading DSAR requests…
Erasure requests
The right to be forgotten. The platform removes the subject's records from this tenant scope but retains a redacted reference to the erasure event itself — the audit ledger needs that breadcrumb as compliance evidence.
Erasure request
Remove a subject's data from this tenant scope. Subject to legal-basis verification.
Recent erasure requests
Loading erasure requests…
Append-only consent register
Every grant + every revocation is preserved — the platform can never quietly "lose" a consent decision, and the register is the source of truth for any CONSENT_REQUIRED behaviour rule attached to a right.
Consent register
Append-only consent ledger — revocations are recorded but never delete the original grant.