The General Data Protection Regulation (GDPR) is an EU regulation acting as a one-stop shop for all data privacy rules across the EU. GDPR governs all global entities dealing with EU citizens’ data in any form or shape. Ajay Mothukuri, Arunkumar Ramanatha, and Vijay Srinivas Agneeswaran explain how to use open source blockchain technologies such as Hyperledger to implement GDPR.
GDPR aims to ensure the data privacy of EU citizens through a single set of rules for data protection, increased responsibility and accountability for those entities processing personal data, required notification of any data breaches in stipulated timelines, the pseudonymization of personal data in such a way that resulting data cannot be attributed to a specific data subject without use of additional nonpersonal information, more accessible personal data, the ability to transfer personal data from one service provider to another easily (data portability), a “right to be forgotten,” and data protection by design and by default. These rules apply to all foreign companies and entities that are active in EU market and offer their services to EU citizens, and there are heavy sanctions for any violations, that can total up to 4% of annual global turnover.
Blockchain technologies can help companies fall in line with GDPR directives. Pseudonymization is built into the blockchain, as all the data in a blockchain is encrypted and undersigned with the user’s digital signatures. Permissioned ledgers operate on a per-channel basis, making it very easy for companies to hide data from participating peers with whom data shouldn’t be shared. The blockchain uses industry-standard key-value pair or JSON, which allows for interoperability of data between participating entities, as per approved data sharing protocols. Permissioned ledgers now have the capability to modify or delete data upon request. This is never the case with a permissionless blockchain, like bitcoin.
Sapient has successfully built permissioned blockchain networks for its clients. Ajay and Vijay cover some of these implementations and explain how Sapient fine-tunes the modify and delete requests on a given transaction to comply with the GDPR regulations. Hyperledger’s chaincode is used as the base for these blockchain implementation. Docker containers along with Go are used to port the blockchain code. Python code is packed into Docker containers. Hyperledger Fabric SDK is used for creating channels for peer-to-peer communication and building subnets that host individual ledgers between channels. Also, Hyperledger’s open source logic for modify/delete is used to achieve the “right to be forgotten” directive. Even though US and other non-EU markets are evolving the data protection standards, this model enables all companies globally to set a baseline for data governance and privacy at an enterprise level, there by winning trust from their customers—which helps retain their loyalty. These data governance policies can be applied horizontally and vertically across business domains, giving scope for interoperability and modularity in data privacy operations.
Ajay Mothukuri is an architect on the data technologies team at Sapient.
Vijay Srinivas Agneeswaran is a senior director of technology at Publicis Sapient. Vijay has spent the last 12 years creating intellectual property and building products in the big data area at Oracle, Cognizant, and Impetus, including building PMML support into Spark/Storm and implementing several machine learning algorithms, such as LDA and random forests, over Spark. He also led a team that build a big data governance product for role-based, fine-grained access control inside of Hadoop YARN and built the first distributed deep learning framework on Spark. Earlier in his career, Vijay was a postdoctoral research fellow at the LSIR Labs within the Swiss Federal Institute of Technology, Lausanne (EPFL). He is a senior member of the IEEE and a professional member of the ACM. He holds four full US patents and has published in leading journals and conferences, including IEEE Transactions. His research interests include distributed systems, cloud, grid, peer-to-peer computing, machine learning for big data, and other emerging technologies. Vijay holds a bachelor’s degree in computer science and engineering from SVCE, Madras University, an MS (by research) from IIT Madras, and a PhD from IIT Madras.
Comments on this page are now closed.
©2018, O'Reilly Media, Inc. • (800) 889-8969 or (707) 827-7019 • Monday-Friday 7:30am-5pm PT • All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners. • firstname.lastname@example.org