General Data Protection Regulation Complied Blockchain Architecture for Personally Identifiable Information Management

摘要

Surveillance and confidential accidents on privacy breaches of a user raise a question on data collecting procedures by a third party. Personally identifiable information (PII) is abused for medical accidents, ID thefts, spams, phishing, cyber espionage and the like. A lot of data flow into corporations from users for data-centered market analysis and prediction. As a result, the flow and genuineness of PII are hardly tracked. Blockchain technology, an immutable distributed lodge, can efficiently track PII exchanges, storages and distribution. In contrast, ongoing EU general data protection regulation (GDPR) requires a right to be forgotten and a right to be deleted. However, the present invention proposes an off-chain blockchain architecture using all of a local database and a distribution lodger to ensure a reliable PII life cycle. The present invention comprises the steps of: classifying PII from user personal data; storing the PII into a local database; generating a hash value of the PII; and generating a block containing smart contract, the PPII, the hash value and the like to save the same in blockchain.