3f-solutions - Redact

3f-solutions – Redact is a fully configurable compliance extension for Microsoft Dynamics 365 Finance & Operations that brings structured personal data management into your ERP system. Define which fields contain personal data, attach legal grounds and retention rules, automate scheduled deletion or anonymization runs, manage data subject requests end to end, erase a single named person on demand, enforce a subject's opt-out across all future processing, and generate Art. 15 GDPR access reports and Art. 20 portability exports on demand — all through a dedicated configuration interface, with no changes to standard source code and full auditing throughout.

Who benefits

Data Protection Officers, compliance managers, and IT administrators in organizations that process personal data in Dynamics 365 Finance & Operations. Redact gives compliance teams direct, audited control over the personal data lifecycle — and lets them answer data subject requests within statutory deadlines — without depending on developer resources for every policy change.

The problem it solves

Personal data accumulates across customers, vendors, employees, and contacts at enterprise scale. Enforcing retention schedules, executing deletion or anonymization on time, honoring objections and erasure requests, and answering data subject access requests in a documented, role-secured way is too often left to manual effort or one-off custom code. Manual processes are error-prone and hard to audit; custom code is costly and risky to maintain.

3f-solutions – Redact closes this gap with a rule-based, fully audited data lifecycle engine that compliance teams configure and operate themselves — by configuration alone, not custom code.

Key capabilities

Data lifecycle & retention

• Configurable personal data field definitions — no code required
• Retention classes with legal grounds, triggers, and conflict rules
• Automated deletion, anonymization, and pseudonymization runs
• Dry-run mode to validate configuration before any data is changed
• Cross-company conflict detection and attachment handling

Data subject rights

• Data subject request (DSR) case management — a managed case folder per request (Access, Erasure, Portability, Consent withdrawal) with automatic reply-deadline calculation (Art. 12(3)), optional extension, and an enforced status workflow
• On-demand erasure (Art. 17) — erase one named subject immediately, with per-field precision, driven from an Art. 15 report; handles a person who is customer and vendor across all selected roles in a single audited run
• Opt-out & re-creation blocklist (Art. 7(3) / Art. 18) — make a subject's objection enforceable across future processing, storing only salted hashes (never cleartext); a periodic re-creation sweep detects and re-redacts re-created records
• Data portability export (Art. 20) — machine-readable JSON of the subject-provided data, ready to hand over
• Art. 15 GDPR data subject access reports on demand

Integration, audit & rollout

• “Subject redacted” business event for integration with Power Automate and the F&O connector — opt-in, with no PII in the payload
• Full audit log with configurable retention, role-based access, and recording of opt-out decisions and per-node erasure entries
• Setup export/import and ready-to-import starter packages (Light / Medium / Full) for fast, idempotent rollout across systems and legal entities