django-gdpr-assist

GDPR tools for Django sites


Keywords
django, gdpr
License
BSD-3-Clause
Install
pip install django-gdpr-assist==1.3.0

Documentation

django-GDPR-assist

Tools to help manage your users' data in the age of GDPR

https://github.com/wildfish/django-gdpr-assist

https://travis-ci.org/wildfish/django-gdpr-assist.svg?branch=master https://coveralls.io/repos/wildfish/django-gdpr-assist/badge.svg?branch=master&service=github https://readthedocs.org/projects/django-gdpr-assist/badge/?version=latest

Features

  • Find, export and anonymise personal data to comply with GDPR requests
  • Track anonymisation and deletion of personal data to replay after restoring backups
  • Anonymise all models to sanitise working copies of a production database

Supports Django 2.2 to 4.0, on Python 3.6 to 3.10.

See the full documentation for details of how GDPR-assist works; in particular:

  • Installation - how to install
  • Usage - overview of how to use it with your project
  • Upgrading - what has changed from previous versions and how to upgrade
  • Contributing - how to contribute to the project

Quickstart

Install with pip install django-gdpr-assist, add gdpr_assist to Django's INSTALLED_APPS and add a gdpr_log definition to DATABASES.

Then start adding privacy metadata to your models:

class Comment(models.Model):
    name = models.CharField(max_length=255, blank=True)
    age = models.IntegerField(null=True, blank=True)
    message = models.TextField()

    class PrivacyMeta:
        fields = ['name', 'age']
        search_fields = ['name']
        export_fields = ['name', 'age', 'message']

This will allow you to anonymise and export data in this model using the standard gdpr-assist admin tool. You can also configure anonymisation or deletion of a related model to trigger anonymisation of your model, and can manually register a PrivacyMeta for third-party models without modifying their code.

Anonymisation and deletion events for models registered with gdpr-assist are logged for replay after a backup restoration with the gdpr_rerun management command. When you need to work with a copy of the production data, there is also the anonymise_db command, which will anonymise the whole database.