English

GDPR-Compliant Personal Data Management: A Blockchain-based Solution

Cryptography and Security 2019-10-22 v2

Abstract

The General Data Protection Regulation (GDPR) gives control of personal data back to the owners by appointing higher requirements and obligations on service providers who manage and process personal data. As the verification of GDPR-compliance, handled by a supervisory authority, is irregularly conducted; it is challenging to be certified that a service provider has been continuously adhering to the GDPR. Furthermore, it is beyond the data owner's capability to perceive whether a service provider complies with the GDPR and effectively protects her personal data. This motivates us to envision a design concept for developing a GDPR-compliant personal data management platform leveraging the emerging blockchain and smart contract technologies. The goals of the platform are to provide decentralised mechanisms to both service providers and data owners for processing personal data; meanwhile, empower data provenance and transparency by leveraging advanced features of the blockchain technology. The platform enables data owners to impose data usage consent, ensures only designated parties can process personal data, and logs all data activities in an immutable distributed ledger using smart contract and cryptography techniques. By honestly participating in the platform, a service provider can be endorsed by the blockchain network that it is fully GDPR-compliant; otherwise, any violation is immutably recorded and is easily figured out by associated parties. We then demonstrate the feasibility and efficiency of the proposed design concept by developing a profile management platform implemented on top of the Hyperledger Fabric permissioned blockchain framework, following by valuable analysis and discussion.

Keywords

Cite

@article{arxiv.1904.03038,
  title  = {GDPR-Compliant Personal Data Management: A Blockchain-based Solution},
  author = {Nguyen Binh Truong and Kai Sun and Gyu Myoung Lee and Yike Guo},
  journal= {arXiv preprint arXiv:1904.03038},
  year   = {2019}
}

Comments

16 pages; 8 figures; accepted to be published at IEEE Transactions on Information Forensics and Security

R2 v1 2026-06-23T08:30:27.978Z