Lightweight Blockchain-based Platform for GDPR-Compliant Personal Data Management

New digital technologies generate large amounts of information. This data is processed by Service Providers in order to improve and develop new services or products, but also to fund themselves. However, processing these personal data can result in the extraction of sensitive information. In consequence, it can lead to users' privacy risk. To mitigate this risk, the EU elaborated the GDPR. It forces Service Providers to have Data Subjects' explicit consent for collecting and processing their personal data. The problem is that legislative text does not define how to transparently demonstrate that they already have this consent. Also, most users do not know the rights they have over their personal data, neither this regulation provides techniques for them to be aware about what happens with it. In this paper, we propose a lightweight blockchain-based GDPR-compliant personal data management platform. It provides public access to immutable evidences that show the agreements between the Data Subjects and Service Providers. The Service Providers can demonstrate that they are fulfilling the regulation, and Data Subjects are aware about what happens with their personal data and can manage it according to their rights.

Automated summary

In this paper, a lightweight blockchain-based GDPR-compliant personal data management platform is proposed. It provides public access to immutable evidences that demonstrate the agreements between Data Subjects and Service Providers. This platform allows Service Providers to show compliance with regulations, while also enabling Data Subjects to be informed about the handling of their personal data and manage it according to their rights.