
Back end framework that allows businesses to comply with EU's GDPR. Blockchain based. Containerized.


sindelio/ClearGDPR

 
 


ClearGDPR Platform

Introduction

ClearGDPR is a backend framework that allows web applications to comply with the new General Data Protection Regulation (GDPR).

ClearGDPR focuses on data privacy, transparency, integrity and availability for the users of a web application, and applies Blockchain technology to achieve those at a high level.

ClearGDPR was built on top of Quorum, a Blockchain that extends Ethereum and is focused on privacy and transparency. In ClearGDPR, Blockchain technology is used as an immutable audit log.

ClearGDPR offers a front-end SDK and an HTTP API in order to allow your web application to manage personal user data according to the GDPR articles.

ClearGDPR can be implemented in 2 different ways:

  • ElementSDK - a set of ReactJS components; recommended, simplest.
  • HTTP API - there is a Postman HTTP request collection to facilitate the initial interaction with the HTTP API.

Finally, ClearGDPR is a containerized solution that uses Docker containers, images, services, volumes and networks.

Architecture

ClearGDPR Architecture

Project structure

project root
├─ admin                      # Admin UI to manage the controller
├─ api                        # Code for the ClearGDPR API implementation
├─ cg                         # Code for the ClearGDPR API implementation
├─ docker                     # Helpers for docker run, stop, start.
├─ frontend                   # demo front-end integrating ClearGDPR ElementSDK
├─ packages
  ├─ js-sdk                   # Code for the ClearGDPR JS SDK implementation
  └─ element-sdk              # Code for the ClearGDPR ElementSDK implementation
├─ quorum                     # Blockchain related docker images and helper tools
├─ travis                     # Scripts used on the CI server
├─ website                    # ClearGDPR public website

Requirements

  • NodeJS v7.6+
  • Yarn
  • Docker
  • Docker-Compose

Before proceeding, follow the installation guide to install all requirements.

Quick Start

The docker-compose.yml contains configuration for a reference development environment of one Data Controller and one Data Processor and all required dependencies.

Full Installation Setup

The wizard will set up all the dependencies and the demo website for you. Please follow the command line prompts.

node setup.js

Once the setup is done, you will have access to:

Development Mode

Docker is used for each part of the project. You can run all of them in watch mode (with nodemon) and development mode:

docker/run

Please make sure you have run node setup.js first.

Integrations

Element SDK

Demo

Coming soon.

Installation

Coming soon.

Code Example

Coming soon.

HTTP API

Example

The API uses "Bearer Authentication", in which users must present a valid JSON Web Token (JWT) in order to access the HTTP API. The system considers 3 types of users:

  • subject. A user of your website/app who will store their personal data in the website/app.
  • manager. A management user who has admin access to the system in your company.
  • processor. A management user who has admin access to the system in a 3rd party data partner.

Here's an example HTTP request to list all the companies that are 3rd party data partners (a.k.a. processors) with your company:

curl -X GET \
  <ClearGDPR_API_URL>/api/subject/processors \
  -H 'Authorization: Bearer <JWT>' \
  -H 'Cache-Control: no-cache' \
  -H 'Content-Type: application/json'

Documentation

Website

Soon.

Postman Collections

Further reading

Each part of the project has additional README documentation in its subfolder:

Troubleshooting

See the Troubleshooting guide

Roadmap

  • Development deploy
  • HTTP API support for the right to consent and right to be forgotten (complete erasure)
  • All events related to users' data are written successfully to the blockchain
  • Quorum smart contract that stores the state of processors and controllers
  • Processor run mode and controller run mode, with events propagated between nodes through the blockchain smart contract
  • Example UI with registration/consent and erasure abilities
  • Encryption of all personal data on CG nodes
  • Robust integration test suite of CG nodes for both processor and controller mode
  • Admin dashboard design + front-end code (configuration, subject & processor status)
  • Automatic Quick Start script
  • Interactive Quick Start wizard
  • Admin dashboard hooked up to controller state via the CG api
  • HTTP API support for the remaining GDPR article actions/rights
  • More granular controls of consent/revoking of data (ie. which data can be shared specifically)
  • End-2-End test suite of controller/processor interactions via blockchain
  • SDK for implementing ClearGDPR from your frontend
  • Evolving functionalities, upgradability and security in the smart contract
  • Stage/Production deploy
  • Usage of Quorum’s custom privateFor method to whitelist nodes that are privy to specific events
  • Complete documentation
  • Drop-in WordPress plugin
  • Commercial middleware plugin(s)

License

This project is licensed under the GNU LGPL license.

Contributing

See Contributing
