Design principles for constructing GDPR-compliant blockchain solutions

摘要

Blockchain is an incipient technology that offers several advantages over traditional systems, such as decentralization, transparency and traceability. The architecture and characteristics specific to this technology shall, however, have consequences on how personal data is stored and processed. We present a detailed analysis of the European data protection regulation and discuss the weaknesses and strengths of solutions built using blockchain technology regarding the security and privacy requirements established by that regulation. We study the integration of off-chain capabilities in blockchain-based solutions and put forward a methodological framework that can be used to design secure and privacy aware information systems that combine operational off-chain constructs with traditional blockchain functionalities.