Abstract
On 25th May 2018, the European General Data Protection Regulation (GDPR) came into effect and required transformation into national legislation in all member states of the European Union. GDPR stipulates that businesses may only process personal data on documented instructions. Furthermore, article 33 paragraph 5 states that any personal data breach and its effects have to be documented. Consequently, any processing (article 4 paragraph 2) has to be recorded in an appropriate manner. To this end, Blockchain technology presents a suitable approach. It has clear advantages over classical recording techniques, which can be manipulated and deleted more easily. The use case described in this chapter is the application of Blockchain technology to fulfill the GDPR documentation requirements for a Log Management System (LMS). The purpose is to monitor sensitive data (files or folders), which can be defined via a configuration. To facilitate recording in an appropriate manner, a private and distributed Blockchain architecture with a two-level hierarchy is described. In its data block, the SuperBlockchain (higher level) contains a SubBlockchain (lower level), which stores the log file information. The SubBlockchain is valid for a specific time span, e.g., one day, which speeds up any search in the log files in the case of an incident.
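The two-level hierarchy from the abstract, as an added sketch that is not the chapter's own code. The block fields, the SHA-256-over-JSON hashing, the log line format and all function names are assumptions made for illustration; the sketch keeps a single copy, so it models only the hash linking, not the distribution across nodes.

```python
import hashlib
import json

GENESIS = "0" * 64
SAMPLE_EVENTS = [  # constructed sample: (day, log line) for monitored files
    ("2019-03-14", "09:02 alice READ /srv/hr/payroll.csv"),
    ("2019-03-14", "09:05 bob WRITE /srv/hr/payroll.csv"),
    ("2019-03-15", "11:40 alice DELETE /srv/hr/contracts/"),
]

def block_hash(index, prev_hash, data):
    # Assumed block format: SHA-256 over canonical JSON of the block fields.
    return hashlib.sha256(json.dumps([index, prev_hash, data], sort_keys=True).encode()).hexdigest()

def append_block(chain, data):
    prev = chain[-1]["hash"] if chain else GENESIS
    index = len(chain)
    chain.append({"index": index, "prev": prev, "data": data,
                  "hash": block_hash(index, prev, data)})

def verify_chain(chain):  # index of the first inconsistent block, or None
    prev = GENESIS
    for i, b in enumerate(chain):
        if (b["index"], b["prev"]) != (i, prev) or b["hash"] != block_hash(i, prev, b["data"]):
            return i
        prev = b["hash"]
    return None

def build_super(events):  # one SubBlockchain per day inside each SuperBlockchain data block
    per_day = {}
    for day, line in events:
        append_block(per_day.setdefault(day, []), line)
    superchain = []
    for day in sorted(per_day):
        append_block(superchain, {"day": day, "sub": per_day[day]})
    return superchain

def verify_all(superchain):  # (super_index, sub_index) of the first bad block, or None
    for sb in superchain:
        bad = verify_chain(sb["data"]["sub"])
        if bad is not None:
            return (sb["index"], bad)
    bad = verify_chain(superchain)
    return None if bad is None else (bad, None)

def search_day(superchain, day, needle):  # scans only the SubBlockchain of that day
    return [b["data"] for sb in superchain if sb["data"]["day"] == day
            for b in sb["data"]["sub"] if needle in b["data"]]
```

An edited log line is caught inside its SubBlockchain; a SubBlockchain that was rebuilt with consistent hashes is still caught one level up, because the SuperBlockchain block hash covers the whole embedded chain.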
Notes
1. Length means the number of blocks.
Copyright information
© 2020 Springer Nature Switzerland AG
About this chapter
Cite this chapter
Radinger-Peer, W., Kolm, B. (2020). A Blockchain-Driven Approach to Fulfill the GDPR Recording Requirements. In: Treiblmaier, H., Clohessy, T. (eds) Blockchain and Distributed Ledger Technology Use Cases. Progress in IS. Springer, Cham. https://doi.org/10.1007/978-3-030-44337-5_7
DOI: https://doi.org/10.1007/978-3-030-44337-5_7
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-44336-8
Online ISBN: 978-3-030-44337-5
eBook Packages: Business and Management (R0)