Meet Fidesctl: Privacy Policies as Code
Join the waitlist to get started with our free, hosted version!
Fides (fee-dhez, Latin: Fidēs) is an open-source tool that allows you to easily declare your systems' privacy characteristics, track privacy related changes to systems and data in version control, and enforce policies in both your source code and your runtime infrastructure.
🚀 Quick Start
Fides is capable of generating a series of YAML configuration files to represent your stored data, processes, and organizations. These configuration resources can then be exported into both a data map, and an Article 30-compliant Record of Processing Activities (RoPA).
This guide will walk through generating a mock RoPA using predefined resources included in the Fides repository.
dockerand installed locally, and clone the Fides repo.
From the root fides directory, run the following commands:
nox -s dev
This will spin up the entire project and open a shell within the
Once you see the
fides#prompt (takes ~3 minutes the first time), you can run the next command:
This builds the required images, spins up the database, and runs the initialization scripts.
fidesctl apply demo_resources/ fidesctl export datamap --output-dir demo_resources/
applythe provided demo resources, and
.xlsxfile of their contents to the
View the newly-generated data map generated from the provided resources.
The header block at the top of the data map is composed of properties found in the [Organization resource](/demo_resources/demo_organization.yml). In a production deployment, this would be composed of publicly available information for your company or organization.
Article 30 Record of Processing Activities
The remainder of the information on the data map is generated from the provided [configuration resources](https://ethyca.github.io/fides/language/resources/system.md). In a production environment, these could be [automatically generated](https://ethyca.github.io/fides/guides/generate_resources/) from your databases and system resources. The [Dataset resource](demo_resources/demo_dataset.yml) is primarily used to provide a list of categories of personal data, recorded here using the [Fides taxonomy](https://github.com/ethyca/fideslang), that your systems store or process, as well as their retention policies. Any Datasets referenced by a System will have this information included as rows of your data map. The [System resource](demo_resources/demo_system.yml) describes anything that processes data for your organization, such as applications, services, and third party APIs. In the resulting data map, this populates system-relevant items like the purpose of processing and use, as well as categories of individual the data pertains to. Together, these configuration files build out an initial map of RoPA-required data and resources.
Assess the Organization and System datasets using the
fidesctl evaluate demo_resources/ --audit
This command will identify any missing information in your resources, which should be added to generate a compliant Record of Processing Activities.
"Auditing Organization Resource Compliance" Found 1 Organization resource(s) to audit... Auditing Organization: Demo Organization controller for default_organization in Demo Organization is compliant data_protection_officer for default_organization in Demo Organization is compliant representative for default_organization in Demo Organization is compliant security_policy for default_organization in Demo Organization is compliant All audited organization resource(s) compliant! ---------- "Auditing System Resource Compliance" Found 2 System resource(s) to audit... "Auditing System: Demo Analytics System" improve.system missing recipients in Demo Analytics System. improve.system missing legal_basis in Demo Analytics System. improve.system missing special_category in Demo Analytics System. customer missing rights in Demo Analytics System. customer missing automated_decisions_or_profiling in Demo Analytics System. "Auditing System: Demo Marketing System" advertising missing recipients in Demo Marketing System. advertising missing legal_basis in Demo Marketing System. advertising missing special_category in Demo Marketing System. customer missing rights in Demo Marketing System. customer missing automated_decisions_or_profiling in Demo Marketing System. 10 issue(s) were detected in auditing system completeness.
--auditflags any empty fields, along with the System or Organization they belong to, and returns where or not the system is incomplete or fully compliant. In the above example, the Organization resource is compliant, but both the Marketing and Analytics systems are missing information that would be required in your RoPA.
Now that you've seen how Fides can generate a data map from your resources and assess them for compliance, learn how you can extend the Fides taxonomy to replace the missing values revealed by
--audit with additional data, and apply your changes to generate an Article 30-compliant RoPA.
📖 Learn More
The Fides core team is committed to providing a variety of documentation to help get you started using Fidesctl. As such, all interactions are governed by the Fides Code of Conduct.
For more information on getting started with Fides, how to configure and set up Fides, and more about the Fides ecosystem of open source projects:
- Documentation: https://ethyca.github.io/fides/
- Tutorial: https://ethyca.github.io/fides/tutorial/
- Installation: https://ethyca.github.io/fides/installation/installation/
- Roadmap: https://github.com/ethyca/fides/projects
- Website: www.ethyca.com/fides
Join the conversation on:
We welcome and encourage all types of contributions and improvements! Please see our contribution guide to opening issues for bugs, new features, and security or experience enhancements.
Read about the Fides community or dive into the development guides for information about contributions, documentation, code style, testing and more. Ethyca is committed to fostering a safe and collaborative environment, such that all interactions are governed by the Fides Code of Conduct.
The Fides ecosystem of tools (Fidesops and Fidesctl) are licensed under the Apache Software License Version 2.0. Fides tools are built on Fideslang, the Fides language specification, which is licensed under CC by 4.
Fides is created and sponsored by Ethyca: a developer tools company building the trust infrastructure of the internet. If you have questions or need assistance getting started, let us know at email@example.com!