Public services in Greenland, Sweden and soon maybe even Germany are reusing OS2datascanner, Denmark’s GDPR compliance scanner. The software generates reports on compliance with Europe’s data protection and privacy rules, and enables users - public servants - to take action.

The OS2datascanner spots sensitive data in emails, files and other data sources, stored either locally or on cloud-based platforms, including Microsoft’s Office365, SharePoint and Teams, and file sharing services such as Dropbox and Google Drive.

The solution is being developed by Magenta, a Danish open source specialist, for OS2, the country’s community of public services that are pooling their efforts in the development of open source tools.

Developers at Magenta are currently readying the integration of OS2datascanner with Grafana, an open source data analytics and reporting tool. This will allow public services to use OS2datascanner without having to create links to any proprietary reporting tools. “Once we have support for Grafana complete, the OS2datascanner will be completely autonomous,” says project manager Thomas Ottosen.

Keeping no copies

The software can be configured to create reports for parts of an organisation, such as a department or a unit. It can also report to individual staff members, showing them which email message or file contains, for example, a social security number or other personal data that should not be kept or archived. The reports also point out files that under GDPR-rules are likely too old to be kept.

The OS2datascanner does not create copies or new records. The data is scanned and kept only in memory, and for its reports it simply points to the original files and (email) records. Users can click on links to access files and emails, and then decide what action to take.

OS2datascanner is already used by 12 municipalities in Denmark, including the cities of Ballerup, Slagelse and Vordingborg. The open nature of the software makes it easy for Danish public services to share and improve the rules on which they base the GDPR scans of their files and email archives. “This is one of the obvious benefits of open source,” says Mr Ottosen.

Outside Denmark, the software is used by the tax authorities of Greenland, and in Sweden one municipality is about to start a pilot project. Magenta and the Danish Trade Council have recently started reaching out to public services in Germany.

Designed for reuse

The tool was designed with international reuse in mind, according to Mr Ottosen. “Tailoring the software to other countries will take some work, because each country has its own rules,” he told OSOR. “In Denmark a social security number is considered very sensitive. In other countries it might be other types of numbers, or other records.”

The software can easily be set up for testing and pilots. Next to sharing all of the source code as open source, Magenta is making the tool available in an Ubuntu container, ready for use.

More information:

OS2datascanner