Tracking GDPR Compliance in Cloud-based Service Delivery

Barati, Masoud; Rana, Omer

Authors

Masoud Barati

Omer Rana



Abstract

The European General Data Protection Regulation (GDPR) has had a far-reaching impact on data privacy for cloud providers. GDPR influences access to, storage, and transmission of personal data, requiring these operations to be verified by cloud users through explicit consent prior to execution. GDPR rules implemented for such operations can be ambiguous and often open to interpretation, making manual verification a time-consuming and error-prone process for cloud providers. An encoding of GDPR rules is described, with each operation carried out using these rules recorded into a Blockchain for auditing purposes. This work shows how some GDPR rules can appear as opcodes in smart contracts to verify the operations of providers on user data in an automatic way. An abstract model is designed to demonstrate how cloud providers can access and deploy such contracts through a Blockchain-based virtual machine. A case study is used to demonstrate how this approach can be used in practice. The case study uses several design patterns and smart contracts to verify provider operations, including read, write, execution and transfer on user data. Validation is undertaken by deploying the smart contracts in a Blockchain test network to investigate the execution costs of GDPR compliance checking.

Journal Article Type: Article
Online Publication Date: Jun 2, 2020
Publication Date: 2022-06
Deposit Date: May 4, 2021
Journal: IEEE Transactions on Services Computing
Print ISSN: 1939-1374
Electronic ISSN: 2372-0204
Publisher: Institute of Electrical and Electronics Engineers
Peer Reviewed: Peer Reviewed
Volume: 15
Issue: 3
Pages: 1498-1511
DOI: https://doi.org/10.1109/tsc.2020.2999559
Keywords: Blockchain, Smart contracts, General Data Protection Regulation, Law, Cloud computing
Public URL: http://researchrepository.napier.ac.uk/Output/2767159