Close your privacy gap with OpenGDPR


To calm the initial panic that preceded the implementation of GDPR, numerous organisations took the opportunity to offer services that will make all of us GDPR-compliant. Now, a few months later, only a minority of companies seem to have availed themselves of these services. Rather than spending significant amounts of money on tailor-made solutions, they prefer to whip up their own solution using standard tools offered through the internet. With standard, agile cloud and SaaS solutions being more popular than ever, we can’t blame them.
 

Ad-tech companies

The abundance of GDPR compliance tools, templates and schemes to draw up your very own processing protocols and agreements has been supplemented by an interesting tool called OpenGDPR. It was announced recently by the International Association of Privacy Professionals (IAPP) and seems to be gaining momentum. Customer data platform mParticle joined forces with engagement platform Braze and analytics platforms Amplitude and AppsFlyer to create OpenGDPR, an open-source framework created to help organisations handle data subject access requests. It sets a common framework for brands and technology companies to cooperate around the fair and transparent use of consumer data.
 

Interoperable systems

The OpenGDPR specification defines a common approach for data Controllers and Processors to build interoperable systems for tracking and fulfilling Data Subject requests as defined under the new EU regulation. In short, this specification is intended to:
  • Provide a well-defined JSON specification (JavaScript Object Notation) that allows Controllers and Processors to communicate and manage Data Subject access, portability and erasure requests in a uniform and scalable manner.
  • Provide strong cryptographic verification of request receipts to provide chain of processing assurance and demonstrate accountability to regulatory authorities.  
  • Provide for a callback mechanism to enable Controllers to track the status of all Data Subject requests.
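
As an added illustration (not code from the OpenGDPR project or from this post), the sketch below shows the pattern the three points describe: a Processor signs its receipt, and the Controller verifies receipts and status callbacks before tracking them. The field names, URL, key handling and the choice of RSA with SHA-256 are assumptions made for the example.

```javascript
// Added illustration: field names, URL and RSA/SHA-256 are assumptions, not from the page.
const crypto = require('crypto');
// Processor key pair, generated here so the example runs offline.
const processorKeys = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

// Constructed sample: the erasure request a Controller would send.
const sampleRequest = {
  subject_request_id: '11111111-2222-4333-8444-555555555555',
  subject_request_type: 'erasure',
  submitted_time: '2018-10-02T15:00:00Z',
  subject_identities: [{ identity_type: 'email', identity_value: 'jane@example.com' }],
  status_callback_urls: ['https://controller.example/opengdpr_callbacks'],
};

// Processor: sign the exact bytes that go on the wire.
const signBody = (body, key) => crypto.sign('sha256', Buffer.from(body), key).toString('base64');

// Processor: acknowledge the request with a signed receipt that echoes it back.
function issueReceipt(req, privateKey) {
  const body = JSON.stringify({
    subject_request_id: req.subject_request_id,
    received_time: '2018-10-02T15:00:01Z',
    encoded_request: Buffer.from(JSON.stringify(req)).toString('base64'),
  });
  return { body, signature: signBody(body, privateKey) };
}

// Controller: verify the signature over the raw body before parsing it.
function verifySigned(msg, publicKey) {
  const sig = Buffer.from(String(msg.signature), 'base64');
  if (!crypto.verify('sha256', Buffer.from(msg.body), publicKey, sig)) return null;
  return JSON.parse(msg.body);
}

// Controller: keep a receipt only if it is signed and covers the request we sent.
const tracked = new Map();
function recordReceipt(sent, receipt, publicKey) {
  const r = verifySigned(receipt, publicKey);
  if (!r || r.subject_request_id !== sent.subject_request_id) return false;
  if (Buffer.from(r.encoded_request, 'base64').toString() !== JSON.stringify(sent)) return false;
  tracked.set(r.subject_request_id, { receipt, status: 'pending' });
  return true;
}

// Controller: apply a status callback only if signed and for a tracked request.
function handleCallback(callback, publicKey) {
  const c = verifySigned(callback, publicKey);
  if (!c || !tracked.has(c.subject_request_id)) return false;
  tracked.get(c.subject_request_id).status = c.request_status;
  return true;
}
```

Storing the raw receipt body together with its signature is what lets the Controller later show which request the Processor acknowledged and when.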
 
We realise that all this may give rise to more questions than answers. To help you tinker your way through it all, we kindly ask for a little patience as we will elaborate on OpenGDPR in our next two blogs or so. Until then, there is no reason for panic. After all, the controlling authorities concerned haven’t exactly been scattering sanctions so far.
