At this moment, we are working on the Dutch-language website. Apologies for any inconvenience.


Close your privacy gap with OpenGDPR

The new open-source framework OpenGDPR has been launched for handling data subject access requests.

| 2 minutes read
   |    2 minutes read

Deel dit artikel

Close your privacy gap with OpenGDPR

To calm the initial panic that preceded the implementation of GDPR, numerous organizations took the opportunity to offer services that will make all of us GDPR-compliant. Now, a few months later, only a minority of companies seem to have availed themselves of these services. Rather than spending significant amounts of money on tailor-made solutions, they prefer to whip up their own solution using standard tools offered through the internet. With standard, agile cloud and SaaS solutions being more popular than ever, we can’t blame them.

Ad-tech companies

The abundance of GDPR compliance tools, templates and schemes to draw up your very own processing protocols and agreements has been supplemented by an interesting tool called OpenGDPR. It was announced recently by the International Association of Privacy Professionals, IAPP, and seems to gain momentum. Customer data platform mParticle joined forces with engagement platform Braze and analytics platforms Amplitude and AppsFlyer to create OpenGDPR, an open-source framework created to help organisations handle data subject access requests. It sets a common framework for brands and technology companies to cooperate around the fair and transparent use of consumer data.

Interoperable systems

The OpenGDPR specification defines a common approach for data Controllers and Processors to build interoperable systems for tracking and fulfilling Data Subject requests as defined under the new EU regulation. In short, this specification is intended to:

  • Provide a well-defined JSON specification (JavaScript Object Notation) that allows Controllers and Processors to communicate and manage Data Subject access, portability and erasure requests in a uniform and scalable manner.
  • Provide strong cryptographic verification of request receipts to provide chain of processing assurance and demonstrate accountability to regulatory authorities.
  • Provide for a callback mechanism to enable Controllers to track the status of all Data Subject requests.

We realise that, having said all this, may give rise to more questions than answers. To help you tinker your way through it all, we kindly ask for a little patience as we will elaborate on OpenGDPR in our next two blogs or so. Until then, there is no reason for panic. After all, the controlling authorities concerned haven’t exactly been scattering sanctions so far.

For further information, feel free to ask your question or call us at +31 (0)35 699 06 99

Share this article

Subscribe to our newsletter and stay up to date

Have a question or feel inspired?

If you have any questions about this blog or just want to talk about how to organize your IT processes, give us a call at +31 35 699 06 99 or send a message to

We would love to help you develop your business further.