General Data Protection Regulation Complied Blockchain Architecture for Personally Identifiable Information Management

摘要

The surveillance and confidentiality incidents of users' privacy invasion lead to questioning the current data collection procedures of third parties. Personally Identifiable Information (PII) is being abused for medical incidents, identity theft, spam, phishing, and cyber espionage. A large amount of data is flowing from users to companies for data-driven market analysis and forecasting. As a result, it is difficult to trace the flow and genuineness of PII. Blockchain technology, a'immutable' distributed ledger, can efficiently track PII exchange, storage and distribution. In contrast, the ongoing EU General Data Protection Regulation (GDPR) calls for the right to'forget' and'must be erasable'. However, this specification proposes an off-chain blockchain architecture that uses both a local database and a distributed ledger to ensure a reliable PII lifecycle.