ClearGDPR is a backend framework that allows web applications to comply with the new General Data Protection Regulation - GDPR.
ClearGDPR focuses on data privacy, transparency, integrity and availability for the users of a web application, and applies Blockchain technology to achieve those at a high level.
ClearGDPR was built on top of Quorum, a Blockchain that extends Ethereum and is focused in privacy and transparency. In ClearGDPR, Blockchain technology is used as an immutable audit log.
ClearGDPR offers a front-end SDK and an HTTP API in order to allow your web application to manage personal user data according to the GDPR articles.
ClearGDPR can be implemented in 2 different ways:
- ElementSDK - set of ReactJS component, recommended, simplest.
- HTTP API - There's a Postman HTTP requests collection to facilitate the initial interaction with the HTTP API.
Finally, ClearGDPR is a containerized solution, applying Docker containers, images, services, volumes and networks.
- Architecture
- Requirements
- Quick Start
- Integrations
- Further reading
- Troubleshooting
- Roadmap
- License
- Contributing
project root
├─ admin # Admin UI to manage the controller
├─ api # Code for the ClearGDPR API implementation
├─ cg # Code for the ClearGDPR API implementation
├─ docker # Helpers for docker run, stop, start.
├─ frontend # demo front-end integrating ClearGDPR ElementSDK
├─ packages
├─ js-sdk # Code for the ClearGDPR JS SDK implementation
└─ element-sdk # Code for the ClearGDPR ElementSDK implementation
├─ quorum # Blockchain related docker images and helper tools
├─ travis # Scripts used on the CI server
├─ website # ClearGDPR public website
- NodeJS v7.6+
- Yarn
- Docker
- Docker-Compose
Before proceeding, follow the installation guide to install all requirements.
The docker-compose.yml contains configuration for a reference development environment of one Data Controller and one Data Processor and all required dependencies.
The wizard will setup all the dependencies and demo website for you. Please follow the command line prompt.
node setup.js
Once the setup is done, you will have access to:
- http://localhost:3000 - Demo Website
- http://localhost:4000 - ClearGDPR Admin (pwd admin/clearGDPR)
- http://localhost:8082 - ClearGDPR API
Docker is used for each part of the project, you can run all of them in watch (with nodemon) and development mode:
docker/run
Please make sure you ran node setup.js before.
Coming soon.
Coming soon.
Coming soon.
The API uses "Bearer Authentication", in which the users must bear a valid Jason Web Token - JWT, in order to access the HTTP API. The system considers 3 types of users:
- subject. A user of your website/app who will store his personal data into the website/app.
- manager. A management user who has admin access to the system in you company.
- processor. A management user who has admin access to the system in a 3rd party data partner.
Here's an example HTTP request to list all the companies who are 3rd party data partners (a.k.a processors) with your company:
curl -X GET \
<ClearGDPR_API_URL>/api/subject/processors \
-H 'Authorization: Bearer <JWT>' \
-H 'Cache-Control: no-cache' \
-H 'Content-Type: application/json'
Soon.
- ClearGDPR API https://gist.github.com/Nelrohd/6c3e554ea0dcfea27784fa21dc5e4586
- Demo website (create/login user) https://gist.github.com/Nelrohd/e9d0bc833dd5cf4216eafd4b214e482e
Each part of the project has additional README documentation in its subfolder:
- Quorum nodes README
- ClearGDPR (CG) API README
- Docker definitions README
- Demo backend README
- Demo frontend README
- Updating Travis Configuration
See the Troubleshooting guide
Development deployHTTP API support for the right to consent and right to be forgotten(complete erasure)All events related to users data are written succesfully to the blockchainQuorum smart contract that stores the state of processors and controllersProcessor run mode and controller run mode, with events propagated between nodes through the blockchain smart contractExample UI with registration/consent and erasure abilitiesEncryption of all personal data on CG nodesRobust integration test suite of CG nodes for both processor and controller modeAdmin dashboard design + front-end code (configuration, subject & processor status)Automataic Quick Start scriptInteractive Quick Start wizardAdmin dashboard hooked up to controller state via the CG apiHTTP API support for the remaining GDPR article actions/rightsMore granular controls of consent/revoking of data (ie. which data can be shared specifically)End-2-End test suite of controller/processor interactions via blockchainSDK for implementing ClearGDPR from your frontend- Evolving functionalities, upgradability and security in the smart contract
- Stage/Production deploy
- Usage of Quorum’s custom privateFor method to whitelist nodes that are privy to specific events
- Complete documentation
- Drop in wordpress plugin
- Commercial middleware plugin(s)
This project is licensed under GNU LGPL LICENSE
See Contributing
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent