gdpr-tracker

by privacyradius

privacyradius /gdpr-tracker

A crowdsourced directory tracking the GDPR compliance of cloud services and subprocessors

136 Stars 59 Forks Last release: Not found MIT License 305 Commits 0 Releases

Available items

No Items, yet!

The developer of this repository has not created any items for sale yet. Need a bug fixed? Help with integration? A different license? Create a request here:

GDPR Tracker

GDPR Tracker is a crowdsourced directory that makes it easier for companies and consumers to keep track of the data handling practices of their subcontractors and cloud services in real-time.

This repository holds all the services displayed in the directory. We strongly believe that data handling practices should be easily available to business & customers.

How to add a service?

You can add a service by following the contribution guidelines.

Format

We use JSON Schema to validate the data and to maintain a high level of data quality. Please find the schema at the following location.

| Field | Type | Format | Required | Options | Description | |---------------------|---------|------------------|----------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------:|---------------------------------------------------------------------------:| | id | string | | * | | Unique id to identify the company | | name | string | | * | | Name of the company | | description | string | | * | | Description of the service | | website | string | url | * | | Website of the service | | applicationUrl | string | url | * | | Application of the service | | categories | array | | * | | Categories that the service belongs to | | iconUrl | string | url | * | | URL to the icon of the service (recommended size 400x400px). Must be HTTPS | | countryHQ | string | ISO ALPHA-2 code | * | | Country of HQ | | gdprReadyStatus | enum | | * | unknown
inProgress
ready
nonCompliant | GDPR readiness status of this service | | privacyUrl | string | url | | | Link to privacy policy | | dsarUrl | string | url | | | Data Subject Access Rights Form URL | | dpaUrl | string | url | | | Data Processing Agreement URL | | subprocessorsUrl | string | url | | | Subprocessors overview URL | | dataCenters | array | | | | Locations where data is hosted | | hostingProviders | array | | | | Hosting providers | | contacts | array | | | | Appointed DPOs or privacy officers per region, we only support 3 types DPO, Privacy Officer, Other| | certifications | enum | | | - ISO 27001
- ISO 27002
- ISO 27017
- ISO 27018
- C5
- PCI DSS Level 1
- PCI DSS Level 3.1
- PCI DSS Level 3.2
- PCI DSS Level 4.0
- SOC 1
- SOC 2 Type I
- SOC 2 Type II
- SOC 3
- HIPAA
- HITECH
- RESO
- ISAE 3000
- EU-U.S. Privacy Shield
- Swiss-U.S. Privacy Shield
- CSA
- OpenID
- TRUSTe Enterprise Privacy Certification
- SOX | Certifications | | dataBreaches | array | | | | Reported data breaches | | articles | array | | | | GDPR & privacy related articles | | bugBountyProgramUrl | string | url | | | Link to bug bounty program | | statusUrl | string | url | | | Link to status page | | statusTwitter | string | | | | Twitter account that communicates about service status & uptime | | businessModel | array | | | - B2B
- B2C
- B2B2C | Business model | | verified | boolean | | | | Verified by company representative |

Example

{
  "id": "acme",
  "name": "Acme",
  "description": "CRM & Customer platform for SMBs",
  "categories": [
    "CRM", 
    "Customer Support"
  ],
  "iconUrl": "https://pbs.twimg.com/profile_images/922908923207839744/5EZID3tH_400x400.jpg",
  "website": "https://www.acmesaas.com",
  "applicationUrl": "https://app.acmesaas.com",    
  "twitter": "acme",
  "countryHQ": "US",
  "gdprReadyStatus": "inProgress",
  "privacyUrl": "https://www.acmesaas.com/privacy",
  "dsarUrl": "https://bs.gdprform.io",
  "dpaUrl": "https://www.acmesaas.com/dpa",
  "subprocessorsUrl": "https://www.acmesaas.com/subprocessors",
  "dataCenters": [
    "EU"
  ],
  "hostingProviders": [
    "AWS", 
    "Digital Ocean"
  ],
  "contacts": [
    {
      "type": "DPO",
      "name": "John Doe",
      "email": "[email protected]",
      "region": "EU"
    }, 
    {
      "type": "DPO",
      "name": "Tim Doe",
      "email": "[email protected]",
      "region": "US"
    }
  ],
  "certifications": [
    "ISO 27001", 
    "HIPAA"
  ],
  "dataBreaches": [
    {
      "date": "10/12/2017",
      "url": "https://www.beatswtich.com/breach"
    }
  ],
  "articles": [
    {
      "date": "02/12/2018",
      "url": "https://www.beatswtich.com/gdpr"
    }
  ],
  "bugBountyProgramUrl": "https://www.beatswtich.com/bounty-program",
  "statusUrl": "https://www.beatswtich.com/status",
  "statusTwitter": "beatswitchstatus",
  "securityUrl": "https://www.beatswtich.com/security",
  "businessModel": ["B2C"]
  "verified": true
}

Removal

If you want your service to be removed from the tracker, send in a pull request with the reason stated.

License

MIT License. Please see the license file for more information.

About

Made in Belgium πŸ‡§πŸ‡ͺ Europe πŸ‡ͺπŸ‡Ί

The GDPR Tracker is created by Privacy Radius. Privacy Radius is a European provider of AI-powered data and privacy solutions to help companies create trusted environments to protect consumers' privacy and data rights.

Disclaimer

We do our best to ensure that the data we provide is complete, accurate and useful. However, because we do not verify all the data, and because the processing required to make the data useful is complex, we cannot be liable for omissions or inaccuracies.

Links

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.