
opengdpr / Opendsr

Licence: other
A common framework enabling companies to work together to protect consumers' privacy and data rights.

Projects that are alternatives of or similar to Opendsr

Data Processing Agreements
Collection of Data Processing Agreement (DPA) and GDPR compliance resources
Stars: ✭ 110 (-62.71%)
Mutual labels:  gdpr, privacy, compliance
Gdpr Tracker
A crowdsourced directory tracking the compliance and security practices of cloud services and their subprocessors
Stars: ✭ 142 (-51.86%)
Mutual labels:  gdpr, privacy, compliance
Gdpr Checklist
The GDPR Checklist
Stars: ✭ 655 (+122.03%)
Mutual labels:  gdpr, privacy, compliance
fidesops
Privacy as Code for DSAR Orchestration: Privacy Request automation to fulfill GDPR, CCPA, and LGPD data subject requests.
Stars: ✭ 32 (-89.15%)
Mutual labels:  privacy, compliance, gdpr
Datadefender
Sensitive Data Management: Data Discovery and Anonymization toolkit
Stars: ✭ 79 (-73.22%)
Mutual labels:  gdpr, privacy, compliance
Databunker
Secure storage for personal records built to comply with GDPR
Stars: ✭ 122 (-58.64%)
Mutual labels:  gdpr, privacy, compliance
Awesome Iam
👤 Identity and Access Management Knowledge for Cloud Platforms
Stars: ✭ 186 (-36.95%)
Mutual labels:  gdpr, privacy
Wazuh Kibana App
Wazuh - Kibana plugin
Stars: ✭ 212 (-28.14%)
Mutual labels:  gdpr, compliance
Arx
ARX is a comprehensive open source data anonymization tool aiming to provide scalability and usability. It supports various anonymization techniques, methods for analyzing data quality and re-identification risks and it supports well-known privacy models, such as k-anonymity, l-diversity, t-closeness and differential privacy.
Stars: ✭ 398 (+34.92%)
Mutual labels:  open-source, privacy
Piwigo
Manage your photos with Piwigo, a full featured open source photo gallery application for the web. Star us on Github! More than 200 plugins and themes available. Join us and contribute!
Stars: ✭ 1,346 (+356.27%)
Mutual labels:  open-source, privacy
Tern
Tern is a software composition analysis tool and Python library that generates a Software Bill of Materials for container images and Dockerfiles. The SBoM that Tern generates will give you a layer-by-layer view of what's inside your container in a variety of formats including human-readable, JSON, HTML, SPDX and more.
Stars: ✭ 505 (+71.19%)
Mutual labels:  open-source, compliance
Mailcare
[MIRRORING REPOSITORY] See https://gitlab.com/mailcare/mailcare. MailCare is an open source disposable email address services. Accessible via web browser or API to protect your privacy right now.
Stars: ✭ 136 (-53.9%)
Mutual labels:  open-source, privacy
Goaccess
GoAccess is a real-time web log analyzer and interactive viewer that runs in a terminal in *nix systems or through your browser.
Stars: ✭ 14,096 (+4678.31%)
Mutual labels:  gdpr, privacy
Ml privacy meter
Machine Learning Privacy Meter: A tool to quantify the privacy risks of machine learning models with respect to inference attacks, notably membership inference attacks
Stars: ✭ 167 (-43.39%)
Mutual labels:  gdpr, privacy
Exifcleaner
Cross-platform desktop GUI app to clean image metadata
Stars: ✭ 305 (+3.39%)
Mutual labels:  open-source, privacy
Immudb
immudb - world’s fastest immutable database, built on a zero trust model
Stars: ✭ 3,743 (+1168.81%)
Mutual labels:  gdpr, compliance
Adguardbrowserextension
AdGuard browser extension
Stars: ✭ 1,018 (+245.08%)
Mutual labels:  open-source, privacy
lunasec
LunaSec - Dependency Security Scanner that automatically notifies you about vulnerabilities like Log4Shell or node-ipc in your Pull Requests and Builds. Protect yourself in 30 seconds with the LunaTrace GitHub App: https://github.com/marketplace/lunatrace-by-lunasec/
Stars: ✭ 1,261 (+327.46%)
Mutual labels:  compliance, gdpr
prowler
Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. It contains hundreds of controls covering CIS, PCI-DSS, ISO27001, GDPR, HIPAA, FFIEC, SOC2, AWS FTR, ENS and custom security frameworks.
Stars: ✭ 8,046 (+2627.46%)
Mutual labels:  compliance, gdpr
havengrc
☁️Haven GRC - easier governance, risk, and compliance 👨‍⚕️👮‍♀️🦸‍♀️🕵️‍♀️👩‍🔬
Stars: ✭ 83 (-71.86%)
Mutual labels:  compliance, gdpr

OpenDSR Summary

Overview

This is an introductory document intended to provide a summary of the OpenDSR framework. For full reference details, please see the complete specification at https://github.com/OpenGDPR/OpenDSR. This project was formerly known as OpenGDPR and existed at https://www.OpenGDPR.org and https://github.com/OpenGDPR/OpenGDPR.

Goals and Scope

The OpenDSR specification defines a common approach for data Controllers and Processors to build interoperable systems for tracking and fulfilling Data Subject requests as defined under the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). To reduce confusion, this document uses the language and terminology of the GDPR.

This framework is intended to:

  1. Provide a well-defined JSON specification that allows Controllers and Processors to communicate and manage Data Subject Requests (DSRs) in a uniform and scalable manner.
  2. Provide strong cryptographic verification of request receipts to provide chain of processing assurance and demonstrate accountability to regulatory authorities (Article 5.2).
  3. Provide for a callback mechanism to enable Controllers to track the status of all DSRs.

This specification does not cover:

  1. Defining the technical measures to describe the fulfillment of Data Subject requests. It is the responsibility of each Data Controller and Data Processor to interpret and apply relevant regulatory analysis and expertise to honor DSRs (the text of the GDPR and CCPA).
  2. The protocol for communications between Controllers and Data Subjects.
  3. The protocol for communications between Controllers, Processors and Supervisory Authorities.
  4. The protocol for communication of the results of an access or portability request.

Roles and Request Lifecycles

Roles

Data Subject: The person whose data is being collected and/or processed.

The CCPA refers to data subjects as 'consumers'.

Data Controller: The Data Controller receives DSRs from the Data Subjects and validates them. The Controller submits requests to the Data Processors.

The CCPA refers to controllers as businesses.

Data Processor: The Data Processor acts on behalf of the Controller and fulfills requests within the Controller's scope.

The CCPA refers to processors as service providers.

Request Sequence

This diagram outlines the flow of DSRs all the way from the data subject to the fulfillment by each Processor. This flow includes optional callbacks that allow the Controller to receive status changes.

[Diagram: protocol flow]

  1. New Data Subject Request: The data subject files a request to the data controller containing appropriate information. The request may be of any type defined herein.
  2. Request Distribution: The controller verifies the request and, if it will be honored, submits it to Processors.
  3. Request Fulfillment: The Processor fulfills their obligation within the scope of this request. For example, this may include deleting user data in the case of a deletion request.
  4. Request Status via Callback: The processor will submit status updates to the controller if callbacks are included in the request.
  5. Communication to the Data Subject: The Controller communicates the results to the data subject.

Request Types

The spec supports request types of "erasure", "access" and "portability". For all types, the details of how a processor fulfills the request are defined by the regulations and are out of scope for this specification. For access and portability requests, secure transmission of the resulting personal data is left up to the controller and processor.

API Summary

Endpoints

This is an overview of available HTTP methods for communicating between Controllers and Processors. The following endpoints should be provided by the Processor (to receive requests from the Controller).

RESTful API endpoints for the resource "request":

| HTTP Method | Path | Description | Supported? |
|---|---|---|---|
| POST | requests/ | Create a new OpenDSR request | Yes |
| GET | requests/{RequestId} | Retrieve status of a single OpenDSR request | Yes |
| PUT | requests/{RequestId} | - | No, requests cannot be updated after being created |
| DELETE | requests/{RequestId} | Cancel an OpenDSR request | Yes, cancellation is valid in status "pending" only |

Non-RESTful endpoints:

| HTTP Method | Path | Description | Supported? |
|---|---|---|---|
| GET | /discovery | Processors describe their OpenDSR support | Yes |
| POST | /callback | Sent by Processors when a request status changes | Yes |

Sample Request Object

Refer to the full specification for definitions of objects and fields.

{
 "subject_request_id":"a7551968-d5d6-44b2-9831-815ac9017798",
 "regulation": "gdpr",
 "subject_request_type":"erasure",
 "submitted_time":"2018-10-02T15:00:00Z",
 "subject_identities":[
   {
      "identity_type":"email",
      "identity_value":"[email protected]",
      "identity_format":"raw"
   }
 ],
 "api_version":"2.0",
 "status_callback_urls":[
   "https://example-controller.com/opendsr/callbacks"
 ]
}
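
A Processor receiving this object on POST requests/ should validate it before queuing any work, because the callback URLs it carries will later be fetched by the Processor itself. The following is an added example, not code from the OpenDSR project: the function names, the "ccpa" value, the callback host allowlist and the sample identity value are assumptions of this sketch.

```python
import json
import uuid
from urllib.parse import urlsplit

REQUEST_TYPES = {"erasure", "access", "portability"}  # types named in this summary
REGULATIONS = {"gdpr", "ccpa"}  # assumption: "ccpa" is spelled like the sample's "gdpr"

def callback_ok(url, allowed_hosts):
    # HTTPS only, and only to hosts agreed with the Controller (the allowlist
    # is an assumption of this example, not a rule stated on this page).
    try:
        parts = urlsplit(url) if isinstance(url, str) else None
        return bool(parts) and parts.scheme == "https" and parts.hostname in allowed_hosts
    except ValueError:
        return False

def validate_request(raw, allowed_hosts):
    """Return a list of problems; an empty list means the request is acceptable."""
    try:
        req = json.loads(raw)
    except ValueError:
        return ["body is not valid JSON"]
    if not isinstance(req, dict):
        return ["body is not a JSON object"]
    problems = []
    try:
        uuid.UUID(str(req.get("subject_request_id")))
    except ValueError:
        problems.append("subject_request_id is not a UUID")
    for field, allowed in (("subject_request_type", REQUEST_TYPES), ("regulation", REGULATIONS)):
        if not isinstance(req.get(field), str) or req[field] not in allowed:
            problems.append(f"unsupported {field}")
    if not isinstance(req.get("subject_identities"), list) or not req["subject_identities"]:
        problems.append("subject_identities is missing or empty")
    callbacks = req.get("status_callback_urls", [])
    if not isinstance(callbacks, list):
        problems.append("status_callback_urls is not a list")
    else:
        problems += [f"callback URL rejected: {u}" for u in callbacks if not callback_ok(u, allowed_hosts)]
    return problems

SAMPLE = json.dumps({  # constructed, following the page's sample object
    "subject_request_id": "a7551968-d5d6-44b2-9831-815ac9017798", "regulation": "gdpr",
    "subject_request_type": "erasure", "submitted_time": "2018-10-02T15:00:00Z",
    "subject_identities": [{"identity_type": "email", "identity_value": "subject@example.com",
                            "identity_format": "raw"}],
    "api_version": "2.0",
    "status_callback_urls": ["https://example-controller.com/opendsr/callbacks"]})
```

Calling validate_request(SAMPLE, {"example-controller.com"}) returns an empty list; a request whose callback host is not on the allowlist is reported rather than stored for later delivery.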