The General Data Protection Regulation (GDPR) is an EU regulation acting as a one-stop shop for all data privacy rules across the EU. GDPR governs all global entities dealing with EU citizens’ data in any form or shape. Ajay Mothukuri, Arunkumar Ramanatha, and Vijay Srinivas Agneeswaran explain how to use open source blockchain technologies such as Hyperledger to implement GDPR.
GDPR aims to ensure the data privacy of EU citizens through a single set of rules for data protection, increased responsibility and accountability for those entities processing personal data, required notification of any data breaches in stipulated timelines, the pseudonymization of personal data in such a way that resulting data cannot be attributed to a specific data subject without use of additional nonpersonal information, more accessible personal data, the ability to transfer personal data from one service provider to another easily (data portability), a “right to be forgotten,” and data protection by design and by default. These rules apply to all foreign companies and entities that are active in the EU market and offer their services to EU citizens, and there are heavy sanctions for any violations, which can total up to 4% of annual global turnover.
Blockchain technologies can help companies fall in line with GDPR directives. Pseudonymization is built into the blockchain, as all the data in a blockchain is encrypted and signed with the user’s digital signatures. Permissioned ledgers operate on a per-channel basis, making it very easy for companies to hide data from participating peers with whom data shouldn’t be shared. The blockchain uses industry-standard key-value pairs or JSON, which allows for interoperability of data between participating entities, as per approved data sharing protocols. Permissioned ledgers now have the capability to modify or delete data upon request. This is never the case with a permissionless blockchain, like Bitcoin.
Sapient has successfully built permissioned blockchain networks for its clients. Ajay and Vijay cover some of these implementations and explain how Sapient fine-tunes the modify and delete requests on a given transaction to comply with the GDPR regulations. Hyperledger’s chaincode is used as the base for these blockchain implementations. Docker containers along with Go are used to port the blockchain code. Python code is packed into Docker containers. Hyperledger Fabric SDK is used for creating channels for peer-to-peer communication and building subnets that host individual ledgers between channels. Also, Hyperledger’s open source logic for modify/delete is used to achieve the “right to be forgotten” directive. Even though the US and other non-EU markets are still evolving their data protection standards, this model enables all companies globally to set a baseline for data governance and privacy at an enterprise level, thereby winning trust from their customers, which helps retain their loyalty. These data governance policies can be applied horizontally and vertically across business domains, giving scope for interoperability and modularity in data privacy operations.
Ajay Mothukuri is an architect on the data technologies team at Sapient.
Dr. Vijay Srinivas Agneeswaran has a Bachelor’s degree in Computer Science & Engineering from SVCE, Madras University (1998), an MS (By Research) from IIT Madras in 2001, a PhD from IIT Madras (2008) and a post-doctoral research fellowship in the LSIR Labs, Swiss Federal Institute of Technology, Lausanne (EPFL). He currently heads data sciences R&D at Walmart Labs, India. He has spent the last eighteen years creating intellectual property and building data-based products in industry and academia. In his current role, he heads machine learning platform development and data science foundation teams, which provide platform/intelligent services for Walmart businesses across the world. In the past, he has led the team that delivered real-time hyper-personalization for a global auto-major as well as other work for various clients across domains such as retail, banking/finance, telecom, and automotive. He has built PMML support into Spark/Storm and realized several machine learning algorithms such as LDA and Random Forests over Spark. He led a team that designed and implemented a big data governance product for role-based fine-grained access control inside of Hadoop YARN. He and his team have also built the first distributed deep learning framework on Spark. He has been a professional member of the ACM and the IEEE (Senior) for the last 10+ years. He has five full US patents and has published in leading journals and conferences, including IEEE transactions. His research interests include distributed systems, artificial intelligence, big data, and other emerging technologies.