Litcius/Paper detail

Olympus: a GDPR compliant blockchain system

Ricardo Martins Gonçalves, Miguel Mira da Silva, Paulo Rupino da Cunha

2023International Journal of Information Security15 citationsDOIOpen Access PDF

Abstract

Abstract Blockchain has been gaining significant interest in several domains. However, this technology also raises relevant challenges, namely in terms of data protection. After the General Data Protection Regulation (GDPR) has been published by the European Union, companies worldwide changed the way they process personal data. This project provides a model and implementation of a blockchain system to store personal data complying with GDPR. We examine the advantages and challenges and evaluate the system. We use Hyperledger Fabric as blockchain, Interplanetary File System to store personal data off-chain, and a Django REST API to interact with both the blockchain and the distributed file system. Olympus has three possible types of users: Data Subjects, Data Processors and Data Controllers and a fourth participant, Supervisor Authority, that, despite not being an explicit role, can perform all verifications that GDPR mandates. We conclude that it is possible to create a system that overcomes the major challenges of storing personal data in a blockchain (Right to be Forgotten and Right to Rectification), while maintaining its desirable characteristics (auditability, verifiability, tamper resistance, distributed—remove single points of failure) and complying with GDPR.

Topics & Concepts

BlockchainGeneral Data Protection RegulationComputer scienceComputer securityProcess (computing)File systemEuropean unionData Protection Act 1998BusinessOperating systemEconomic policyBlockchain Technology Applications and SecurityPrivacy-Preserving Technologies in DataPrivacy, Security, and Data Protection