GDPR compliance verification through a user-centric blockchain approach in multi-cloud environment

Abstract

With cloud-hosted web applications becoming ubiquitous, the security risks presented for user personal data that is migrated to the cloud are at an all-time high. When using a cloud-hosted web application, users only ever interact with web interfaces of the web applications and are usually completely unaware of how their data is distributed amongst the multiple cloud service providers that the web application uses, making it difficult to verify the lawful use and ownership of personal data. The General Data Protection Regulation (GDPR) seeks to empower users to gain better control over their personal data. Blockchain-based approaches have risen in popularity over the recent years to tackle the challenge of verifying GDPR compliance in multi-cloud environments. By deploying smart contracts on the blockchain, we can create transparent and immutable logs of data processes in the hopes of automating GDPR compliance verification. However, the existing works are still limited to provide a user-centric compliance verification. To this end, we propose a user-centric, blockchain-based framework for data management in a cloud environment where all GDPR-relevant data operations take place on the blockchain through well-defined smart contracts.