A Hybrid Blockchain Framework for GDPR Compliance: Off-Chain and On-Chain Approaches for Healthcare Use Case
Regulatory laws to protect user data privacy are being enacted across the globe. The European Union's General Data Protection Regulation (EU GDPR) imposes obligations on organizations anywhere if they target or collect data related to people in Europe. Organizations have shown increasing interest in adopting Blockchain technology in their respective domains. The technology guarantees "immutability," but the regulation mandates a "Right to Erasure," which makes the technology and the solutions built on it non-compliant with GDPR. In this paper, we formulate a hybrid Blockchain framework for a healthcare use case. The proposed architecture integrates both off-chain and on-chain approaches to maintain data protection compliance with GDPR. A unique identity based on the ERC-721 standard is used to retrieve and verify data mapped and stored in the Ethereum Blockchain using the smart contract. Personally identifiable information is stored in a traditional database, and its reference hashes are stored in the Blockchain. Similarly, non-personally identifiable information is stored in IPFS, with its reference hashes in the Blockchain. Finally, we propose a custom decentralized identity to identify and authenticate users without disclosing any sensitive information.
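The off-chain PII / on-chain reference-hash split described above, as an added Python sketch that is not this project's code: `OffChainStore`, `Ledger`, `commitment` and `verify` are hypothetical names, and the ledger is an in-memory stand-in for the Ethereum smart contract. It assumes a per-record random salt kept only off-chain (the abstract does not say how the hashes are derived), so that the hash left on the immutable ledger after erasure cannot be matched by guessing low-entropy PII.

```python
import hashlib, hmac, json, os

def commitment(salt: bytes, record: dict) -> str:
    # Canonical JSON so the same record always yields the same digest.
    data = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(salt, data, hashlib.sha256).hexdigest()

class OffChainStore:
    """Stand-in for the traditional database that holds PII (erasable)."""
    def __init__(self):
        self.rows = {}
    def put(self, token_id: int, record: dict) -> str:
        salt = os.urandom(32)  # assumption: per-record salt, never put on-chain
        self.rows[token_id] = (salt, record)
        return commitment(salt, record)
    def erase(self, token_id: int) -> bool:
        # Erasure drops the record and its salt together.
        return self.rows.pop(token_id, None) is not None

class Ledger:
    """Append-only stand-in for the contract mapping token id -> reference hash."""
    def __init__(self):
        self.entries = []
    def anchor(self, token_id: int, digest: str) -> None:
        self.entries.append((token_id, digest))
    def lookup(self, token_id: int):
        return next((d for t, d in reversed(self.entries) if t == token_id), None)

def verify(store: OffChainStore, ledger: Ledger, token_id: int) -> str:
    row, anchored = store.rows.get(token_id), ledger.lookup(token_id)
    if row is None or anchored is None:
        return "unavailable"  # erased off-chain, or never anchored
    ok = hmac.compare_digest(commitment(*row), anchored)
    return "valid" if ok else "tampered"

if __name__ == "__main__":
    store, ledger = OffChainStore(), Ledger()
    patient = {"name": "Constructed Patient", "dob": "1990-01-01"}  # constructed sample
    ledger.anchor(1, store.put(1, patient))
    print(verify(store, ledger, 1))   # record matches its anchored hash
    store.erase(1)
    print(verify(store, ledger, 1))   # hash remains on the ledger, PII is gone
```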
We would like to acknowledge the support provided by TIFAC-CORE in Cyber Security, Amrita School of Engineering, Amrita Vishwa Vidyapeetham, Coimbatore, India in carrying out this work as part of the "M.Tech Cyber Security" thesis.
Co-Guide: Dr. Amritha PP, Assistant Professor and Mr. Ramaguru Radhakrishnan, Assistant Professor, TIFAC-CORE in Cyber Security, ASE - Coimbatore