A Blockchain-Based Architecture for Auditing Compliance with Data Protection Regulations
Abstract
The emergence of personal data protection regulations, such as the GDPR in the European Union and the LGPD in Brazil, motivates organizations that process such data to seek an auditing solution that demonstrates they follow the applicable legal practices. However, it is still not clear which technique best provides such a solution. This work presents ongoing research to design a blockchain-based architecture for auditing the operations performed on personal data in a reliable, transparent, and cost-effective way.
Keywords:
Data Security, Audit, LGPD, GDPR, Blockchain
Published
2022-09-12
How to Cite
DE CASTRO, Marcos Maciel; PEREIRA, Marciel Barros; DE CASTRO, Miguel Franklin. A Blockchain-Based Architecture for Auditing Compliance with Data Protection Regulations. In: BRAZILIAN SYMPOSIUM ON CYBERSECURITY (SBSEG), 22., 2022, Santa Maria. Anais [...]. Porto Alegre: Sociedade Brasileira de Computação, 2022. p. 390-395. DOI: https://doi.org/10.5753/sbseg.2022.225347.
