Uropa is a standard protocol designed to help companies and their Data Protection Officers (DPOs) or Chief Privacy Officers (CPOs) to comply with the legal requirements related to privacy laws from around the world.
Uropa defines how to write and document data processing activities in a machine readable format.
It is modeled on the Open API Specification.
Technological industries are increasingly subject to data protection laws being created by more and more countries.
These laws require companies demonstrate their compliance. In particular, the GDPR requires companies to maintain Records of Processing Activities (ROPA) that are an accurate reflection of how a company processes the Personally Identifying Information (PII) that it collects.
We believe that ROPA are the cornerstone of the data protection process.
Because companies rely on static tools to maintain their ROPA (such as Excel sheet, yes we know đ), their ROPA donât reflect the reality of the companyâs processing.
Uropa aims to address this issue with a universal and interoperable machine-readable record of processing.
Our goal is twofold, we want to:
Uropa is meant to be used by persons editing data processing records. These persons could be:
Depending on who you are, Uropa is going to be used in different ways.
As DPO or CTO wanting to just document your compliance, youâll be able to write documents following the Uropa standards. Practically speaking, this means youâll copy-paste the structure of a processing record from our github repository into your favorite IDE or text editor and youâll save it in a JSON file (you crazy person! đ€Ż) .
This way, you are prepared for the future (Congrats! đ). One day, when your company wants to enable the full power of this data format, youâll be able to directly import all of your work in a global governance dedicated software solution. Youâll reuse all of the fruits of your efforts to adopt a DevRegOps approach. You will also prepare for the future team of privacy engineers to take the floor and make their work easier because theyâll link the IT systems to your processing records, so that everything related to your privacy and data protection compliance becomes stateful (đ).
As a Developer or a CTO of a company developing a software product (especially those aiming at editing processing records), youâll be likely to love the unlimited possibilities of export and import that Uropa offers to you. Interoperability will become real between your processing records editing software and other systems.
Additionally, processing records contain a lot of useful information for other types of software, including those related to cybersecurity or marketing.
As a Developer working on a homemade project for your company, you might want to automate or script some actions to complete a business workflow, be it related to privacy or not. To do so, youâll be able to consume APIs providing information contained in processing records under a format respecting the Uropa standards.
With Uropa, you get the best of both the IT and legal worlds (đ€đ¶) so you can serve your business and respect your customersâ privacy (so wonderful, isnât it đ„Č?).
Uropa is defined using JSON. No other technology is required to use this protocol.
All of the objects composing the processing record are detailed in the Uropa project documentation
If you want to participate in the project, or if youâre interested in making the work a more privacy respectful place, feel free to join our Developers and Privacy Discord Server
Uropa is an open source project initially co-created by two French startups: Alias.dev and Leto.legal.
Uropa standard is open source and may be used under the terms of the MIT License.