Enabling Integrity and Compliance Auditing in Blockchain-Based GDPR-Compliant Data Management

Abstract

The General Data Protection Regulation (GDPR) is a European Union (EU) data protection and privacy law. According to the GDPR, the data on a hosting platform must meet semantic consistency and data integrity requirements. Semantic consistency means that the data operation should comply with the GDPR, while data integrity is meant to ensure that the outsourcing data should be intact. The two terms are not interchangeable. For example, if a cloud service provider migrates data to foreign storage nodes without authorization of the data owner, the data integrity requirement of the GDPR is met but the semantic consistency requirement is not. How to ensure data integrity and compliance is the main challenge for a GDPR-compliant data supervision platform. To achieve this aim, we leverage a blockchain based data management framework to check the data compliance, which can break the black box of the data hosting platform and demonstrate its logic to data owners, allowing for inspection. We propose a new provable data possession (PDP) scheme for the aforementioned framework that can check for semantic consistency and data integrity simultaneously. The verifier does not need to hold any audited data, which can reduce bandwidth usage. The verification result can be regarded as the proof for subsequent data recovery and accountability. Experimental results show higher efficiency of the PDP scheme.