| Availability | Odoo Online, Odoo.sh, On Premise |
| Odoo Apps Dependencies | Discuss (mail) |
| Lines of code | 4417 |
| Technical Name | flexigo_gdpr_toolkit |
| License | OPL-1 |
| Website | https://flexigotech.com |
GDPR compliance, native in Odoo 19
RoPA Art.30 · DSAR Arts.15–21 · Breach Log Arts.33–34 · DPIA Art.35 · Retention Management. All inside your Odoo instance — no external SaaS, no monthly subscription.
One‑time licence. Install from the button at the top of this page.
The compliance tax you pay every month
GDPR has been in force since 2018, yet most EU businesses still manage their operational obligations in spreadsheets — or pay €500–€1,500 per month for external SaaS platforms like OneTrust and TrustArc. That is a permanent tax on staying compliant.
€500/mo × 12 months = €6,000/year. Every year. Forever.
No central RoPA
Processing activities scattered across department spreadsheets, never audit‑ready.
DSAR by email
Requests arrive with no workflow and no tracking of the 30‑day deadline.
Breach on paper
No 72‑hour countdown enforcement for the Art.33 DPA notification window.
Ad‑hoc DPIA
Impact assessments done without structured methodology or an approval gate.
How GDPR Compliance Suite solves it
Four core GDPR operational modules, natively inside Odoo 19. Your data stays in your instance. No third‑party API calls. No per‑user licence. One price, forever.
RoPA — Records of Processing (Art.30)
Mandatory register for controllers and processors. Immutable version history on every save. DPIA criteria scoring with the WP248 nine‑criteria rule. Export to PDF or multi‑sheet Excel. Activation gate requires a linked DPIA approval.
DSAR — Data Subject Rights (Arts.15‑21)
All six request types: access, erasure, portability, objection, restriction, rectification. Automatic 30‑day deadline clock per Art.12(3). Extension workflow with notification tracking. Public portal with anti‑abuse controls and anonymous status tracking.
Breach Log — Personal Data Breach (Arts.33‑34)
72‑hour live countdown for DPA notification per Art.33(1). EDPB 9/2022 risk matrix combining impact and likelihood. Automatic Art.34 data‑subject notification flag. Immutable records with an archive‑requires‑reason policy.
DPIA — Impact Assessment (Art.35)
WP248 rev.01 five‑step methodology: description, necessity and proportionality, risk identification, mitigation, residual risk. Prior consultation flag per Art.36. Approval workflow with locked post‑approval records. PDF report generation.
Retention — Storage Limitation (Art.5(1)(e))
Define retention periods per data category with automated daily cron alerts. Review actions: retained, anonymised, deleted, or extended with mandatory justification. Conflict‑detection wizard checks invoices, HR and sales data before deletion.
Compliance Dashboard
Single‑screen DPO overview: open DSARs, overdue deadlines, active breaches, pending DPIAs, expiring retention records. Real‑time KPI cards on every page load — the dashboard a DPA inspector wants to see on day one.
Who needs this
Data Protection Officers
Your daily operational dashboard for every GDPR obligation in one place, with automatic deadline tracking and audit‑ready reporting.
Compliance teams at EU SMBs
Replace spreadsheets and shared drives with a structured, immutable compliance system that costs less than one month of OneTrust.
HR directors and legal counsel
Employee data processing, DSAR responses and retention schedules managed inside the same Odoo instance the company already uses daily.
Odoo partners and integrators
Deploy a complete GDPR stack for clients without external SaaS dependencies, Schrems II exposure or recurring subscription fees.
Companies under AEPD supervision
Spanish supervisory authority details and LOPDGDD 3/2018 references are built in, alongside the EU‑wide GDPR workflows.
Privacy‑first organisations
Keep all GDPR data inside an EU‑hosted Odoo instance — no third‑party processor, no cross‑border transfer to manage.
Compatibility
| Odoo version | 19.0 Community and Enterprise |
| Multi‑company | Strict record rules isolate data per legal entity |
| Multi‑language | English UI with translatable field labels |
| Python dependencies | cryptography (Fernet encryption), openpyxl (Excel export) |
| Data residency | No external API calls, no SaaS, no data leaving your instance |
| Licence | OPL‑1 (Odoo Proprietary Licence v1.0) |
| Support | FlexigoTech — comercial@flexigotech.com |
Pricing
What is included
All four core modules (RoPA, DSAR, Breach Log, DPIA), Retention Management and the Compliance Dashboard. Audit log, DPO config, portal privacy rights, PDF reports and Excel export. Free updates for all 19.0.x releases.
Compare
OneTrust starts at €500/month (€6,000/year); TrustArc is comparable. The only equivalent Odoo 19 app covering our full scope lists at €319.99. GDPR Compliance Suite is a one‑time €249 — your data never leaves your Odoo instance and there is no vendor lock‑in.
This app supports your GDPR compliance workflows under Regulation (EU) 2016/679. It does not constitute legal advice. Consult your legal counsel for binding interpretation.
Frequently asked questions
Does this app make me 100% GDPR compliant?
No software can guarantee full legal compliance. What it does is give you the operational tooling Articles 30, 15‑21, 33‑34 and 35 require: a structured RoPA register, a DSAR workflow with deadline tracking, a breach log with 72‑hour countdown and a WP248 DPIA methodology. Consult your DPO or legal counsel for a complete assessment.
How is this different from Odoo’s built‑in privacy features?
Odoo 19 includes privacy_consent for cookie banners. It does not include a RoPA register, DSAR workflow, breach log, DPIA methodology, retention enforcement or a compliance dashboard. This suite fills those gaps with purpose‑built modules that integrate with Odoo’s security and portal frameworks.
Do I need an external SaaS subscription for this to work?
No. Everything runs inside your Odoo instance. No data is sent to external servers and no third‑party API keys are required. This matters for Schrems II: if your Odoo instance is hosted in the EU, your GDPR data stays in the EU. The optional Fernet encryption key is a server‑level environment variable you control.
What happens when a DSAR deadline is missed?
When the 30‑day deadline passes without the request being closed, the DSAR record turns red and an overdue notification is sent to the assigned DPO. You can grant a 30‑day extension under Art.12(3) with mandatory notification to the data subject, which resets the deadline clock.
Can this handle multiple companies in one database?
Yes. Strict Odoo record rules segregate GDPR data per company. A DPO for Company A cannot see the RoPA records, DSAR requests or breach logs of Company B. Each legal entity can have its own DPO configuration, enforced at the database level rather than the UI.
Is there Spanish (AEPD / LOPDGDD) support?
The module includes Spanish supervisory authority (AEPD) details and LOPDGDD 3/2018 references, and field labels are ready for translation. The workflows follow the EU‑wide GDPR. For AEPD‑specific report templates beyond what is included, contact FlexigoTech for a customisation quote.
What about encryption? Is my breach data secure?
Sensitive fields in the DSAR and Breach Log modules support Fernet symmetric encryption at rest. Set the GDPR_FERNET_KEY environment variable on your Odoo server and those fields are encrypted before writing to the database. The audit log is append‑only: create is allowed; write and delete raise AccessError.
Ready to bring GDPR inside your Odoo?
Install GDPR Compliance Suite today from the Odoo Apps Store, or talk to our team about a deployment.
Contact comercial@flexigotech.com
FlexigoTech · Built for Odoo 19 partners · flexigotech.com
Odoo Proprietary License v1.0

This software and associated files (the "Software") may only be used (executed, modified, executed after modifications) if you have purchased a valid license from the authors, typically via Odoo Apps, or if you have received a written agreement from the authors of the Software (see the COPYRIGHT file).

You may develop Odoo modules that use the Software as a library (typically by depending on it, importing it and using its resources), but without copying any source code or material from the Software. You may distribute those modules under the license of your choice, provided that this license is compatible with the terms of the Odoo Proprietary License (For example: LGPL, MIT, or proprietary licenses similar to this one).

It is forbidden to publish, distribute, sublicense, or sell copies of the Software or modified copies of the Software.

The above copyright notice and this permission notice must be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.