SlideShare a Scribd company logo

GDPR and Blockchain

Salman Baset
Salman Baset

This presentation debunks some of the myths surrounding GDPR and blockchain, and provides guidance on how to make solutions GDPR compliant.

Technology
1 of 36
Download to read offline
General Data Protection Regulation (GDPR) and Blockchain Salman Baset 1
Outline • GDPR and blockchain - summary • GDPR • What is GDPR? • Who are the actors? • What is personal data? • What are rights of a person? • What are the responsibilities of a controller? • Myths about GDPR • GDPR in action • Blockchain • What is blockchain? • Bitcoin – what is it and how people use it • Who is the data controller in bitcoin? • Types of blockchain • Properties of blockchain that are challenging for GDPR • Permissioned private blockchains and GDPR • GDPR and Blockchain • Possible approaches and their pitfalls 2
Disclaimer • General Data Protection Regulation (GDPR) is a law. • I am not a lawyer; I am a security professional who has applied GDPR in permissioned private blockchains. • I am involved in various open source blockchain initiatives such as Hyperledger. 3
GDPR and Blockchain* GDPR compliance is not about the technology, it is about how the technology is used Just like there is no GDPR-compliant Internet. Or there is no GDPR-compliant Artificial Intelligence. Similarly, there is no such thing as GDPR-compliant blockchain technology. There are only GDPR-compliant use cases and applications. The general approach for a use or an application is to avoid storing personal data on blockchain. https://www.eublockchainforum.eu/sites/default/files/reports/20181016_report_gdpr.pdf?width=1024&height=800&iframe=true 4
What is GDPR? • A law that regulates the processing by an individual, a company, or an organization of personal data relating to individuals in the EU+. https://www.bbc.com/news/world-middle-east-24367705 EU has 28 member states • Switzerland is not a EU member • Norway is not a EU member • Brexit (United Kingdom) and GDPR? Affects every sector, from healthcare, to Internet services, to banking, and beyond. Individuals: applies to EU citizens as well as non-citizens in EU. GDPR came into effect on May 25, 2018. GDPR has 99 Articles and 173 recitals. + https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-does-general-data-protection-regulation-gdpr-govern_en 5
Who are the actors in GDPR? Data subject. Article 4(1). “‘person data’ means any information relating to an identified or identifiable natural person (‘data subject’)” Example: you S C P Data controller. Article 4(7). … “determines the purpose and means of the processing of personal data”… Example: University is a data controller. Data processor. Article 4(8). “ ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.” Example: University email service provided by a cloud service provider. DPO Data protection officer. Article 37-39. appointed by a controller and a processor to advise employees and monitor compliance Example: University privacy officer SA Supervisory authority. Article 4(21) and Article 51. An EU country-specific authority for monitoring compliance to GDPR DPB Data Protection Board. Article 68. Ensure consistent application of GDPR. monitor companycountryEU 6
What is personal data? • Some things are obvious • Name • Biometric data • Racial or ethnic origin • Religious or political beliefs • Health data • Sex life and sexual orientation • Some things are not so obvious • IP address • Cookie ID • Employment and education history 7
What are the rights of a data subject? Articles 12-23 Some examples in the blockchain context • Right to rectification – Article 16 • Right to be erasure – Article 17 • Right to restriction of processing – Article 18 • Right to data portability – Article 19 S 8
What are the responsibilities of data controller and processor? • Many • Security of processing – Article 32 • “Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: • pseudonymization and encryption of data • the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;” • Notification of a personal data breach to the supervisory authority. Article 33. 9
Where does a data controller or a processor typically find personal data? • Customer relationship management (CRM) databases • Human resource management (HRM) databases • Web server logs • Data backups / data warehouse 10
Myths about GDPR • EU personal data must reside within a data center in EU. • False • GDPR applies when a EU person visits another country • False. Law of another country applies. • There are no exceptions in GDPR. • False. See above about law of another country. Other examples include law enforcement, public safety. • Office address is personal data? • False, but it depends. Your name with office address becomes personal data. 11
How is GDPR doing since its release? • More companies reporting breaches • Fine imposed on British Airways • https://www.bbc.com/news/business-48905907 • Who is next? J 12
Outline • GDPR and blockchain - summary • GDPR • What is GDPR? • Who are the actors? • What is personal data? • What are rights of a person? • What are the responsibilities of a controller? • Myths about GDPR • GDPR in action • Blockchain • What is blockchain? • Bitcoin – what is it and how people use it • Who is the data controller in bitcoin? • Types of blockchain • Properties of blockchain that are challenging for GDPR • Permissioned private blockchains and GDPR • GDPR and Blockchain • Possible approaches and their pitfalls 13
What is blockchain? • NIST.IR.8202 • (first two lines of intro) Blockchains are tamper evident and tamper resistant digital ledgers implemented in a distributed fashion (i.e., without a central repository) and usually without a central authority (i.e., a bank, company, or government). At their basic level, they enable a community of users to record transactions in a shared ledger within that community, such that under normal operation of the blockchain network no transaction can be changed once published. What is a block? – grouping of transactions What is a transaction? – a mechanism to update the ledger Does the definition clearly state the append-only aspect of ledger? 14
What is a “ledger”? • https://www.merriam-webster.com/dictionary/ledger • a book containing accounts to which debits and credits are posted from books of original entry • a horizontal board used for vertical support (as in scaffolding) • The ledger familiar to “most” of us…? • Personal journal 15
Ledger vs. personal journal Ledger Personal journal Written on Paper with typically pen Paper, with pen or pencil Can also be written with IT system (e.g., computer, SaaS) IT system (e.g., computer, SaaS) Record of who made changes Important Not so much Common primary application Recording monetary transactions Thoughts Information lay out Structure (tabular), credit/debit, with dates Usually with dates Information is appended? Typically, yes Typically, yes Shared with others Employees (probably). Other entities, no, unless IRS J Depends J 16
What is a digital ledger? • A ledger stored in a digital form • On a (personal) computer or a set of computers • Can contain data ranging from few bytes to peta bytes, and beyond • What is distributed paper ledger? • Create copies of paper and distribute it to relevant folks whenever there is a change? • What is a distributed digital ledger? (or simply distributed ledger) • Ledgers stored in digital form on a set of computers (e.g., cloud), where data repository is not confined to a single computer (NIST: without central repository). The structure of the information stored within the ledger depends on the application. 17
Tamper evident and tamper resistant • Immutable: Merriam-Webster • https://www.merriam-webster.com/dictionary/immutable • not capable of or susceptible to change • Why do we write personal checks with a pen and not with a pencil? • May be, no one writes personal checks these days J • tamper evident and tamper resistant – to an extent • Can a (distributed) digital ledger be changed? • Of course! • How to detect changes to a (distributed) digital ledger and prevent changes? • Detect changes: audit logs • Prevent unauthorized changes: authz, authn (requires identity) 18
[Lack of] Central authority or central repository - Examples • I run a database on my single machine. • Central repository? • Central authority? • A big search engine has a massive farm of distributed machines connected over network, that work together to respond to search queries. • Central repository? • Central authority? • A music file-sharing system (Napster) has a central list of which users have files, but files are downloaded peer-to-peer. • Central authority? • Central repository? • A file-sharing network has a distributed index of files and file chunks. • Central repository? • Central authority? 19 Who is data controller and data processor?
What is Bitcoin? – from the paper Conclusion We have proposed a system for electronic transactions without relying on trust. We started with the usual framework of coins made from digital signatures, which provides strong control of ownership, but is incomplete without a way to prevent double-spending. To solve this, we proposed a peer-to-peer network using proof- of-work to record a public history of transactions that quickly becomes computationally impractical for an attacker to change if honest nodes control a majority of CPU power. The network is robust in its unstructured simplicity. Nodes work all at once with little coordination. They do not need to be identified, since messages are not routed to any particular place and only need to be delivered on a best effort basis. Nodes can leave and rejoin the network at will, accepting the proof-of-work chain as proof of what happened while they were gone. They vote with their CPU power, expressing their acceptance of valid blocks by working on extending them and rejecting invalid blocks by refusing to work on them. Any needed rules and incentives can be enforced with this consensus mechanism. 20
What is Bitcoin? – from the paper Conclusion We have proposed a system for electronic transactions without relying on trust. We started with the usual framework of coins made from digital signatures, which provides strong control of ownership, but is incomplete without a way to prevent double-spending. To solve this, we proposed a peer-to-peer network using proof- of-work to record a public history of transactions that quickly becomes computationally impractical for an attacker to change if honest nodes control a majority of CPU power. The network is robust in its unstructured simplicity. Nodes work all at once with little coordination. They do not need to be identified, since messages are not routed to any particular place and only need to be delivered on a best effort basis. Nodes can leave and rejoin the network at will, accepting the proof-of-work chain as proof of what happened while they were gone. They vote with their CPU power, expressing their acceptance of valid blocks by working on extending them and rejecting invalid blocks by refusing to work on them. Any needed rules and incentives can be enforced with this consensus mechanism. https://bitcoin.org/bitcoin.pdf So, no non-electronic (aka paper) transactions? all over the world? distributed? anonymity is a goal ? anyone can join and leave consensus algorithm is fixed. interesting 21
What is Bitcoin? – A geographically distributed peer-to- peer network Bitcoin ledger Bitcoin ledger Bitcoin ledger Bitcoin ledger Bitcoin ledger Bitcoin ledger Bitcoin ledger Bitcoin ledger Bitcoin ledger 22
Bitcoin: Blocks and Transactions Block N T1 T2: A -> B T3 T4 Block N+1 B->C Block N+2 C->D H(N) H(N+1) T1 T2 T3 T4 H() H() H() H() H() H() H(N) Transaction (oversimplification): - comprises the public key of the sender - Signed structured data (with private key of transaction originator) that indicates some transfer of bitcoins - The structured contains information about transfer of Bitcoins e.g., - S_key, Coin=1, R_key, Coin=2 S_key, Coin=0, R_key, Coin=3 - Public key of receiver 23 Does Bitcoin store personal information? No. However, if public keys can be attributed to a person with high fidelity, there is presently no way to break that linkage. e.g., by purging those transactions from the bitcoin ledger.
How to people use Bitcoin? • Through an intermediary • Bitcoin exchange • Payment exchange • Directly – by running the software 24
Who is the data controller / processor for Bitcoin? • Through an intermediary • Bitcoin exchange • Payment exchange • Intermediary becomes the data controller • Directly – by running the software • Can a peer-to-peer network which is not under anyone’s control be a data controller? • Are core software developers of Bitcoin data controllers? 25
Distributed Ledger Technologies aka Blockchain categorization Drive value of cryptocurrency Cryptocurrency for a business use-case Blockchain for business Anonymous Permissioned CryptocurrencyNon-Cryptocurrency Standards bodies and consortiums 26
Types of blockchain • What is public blockchain • Ledger is public – accessible by anyone • What is permission-less public blockchain? • Ledger is public, and anyone can join the network. (Bitcoin) • What is permissioned public blockchain • Ledger is public, but approvals required before joining the network. (Sovrin foundation, potentially Hyperledger Fabric also) • What is permissioned private blockchain? • Ledger is private, and approvals required before joining the network (Hyperledger Fabric) • What is permission-less private blockchain? • Good question :). Ledgers are private, but how can anyone join a private blockchain? 27
Blockchain properties that are challenging for GDPR • Distributed – distributed without consent • Immutable – existing data cannot be changed • Permanent - existing data cannot be changed. Record is permanent 28
What is Hyperledger? • Hyperledger is an open source collaborative effort created to advance cross-industry blockchain technologies. It is a global collaboration, hosted by The Linux Foundation, including leaders in finance, banking, Internet of Things, supply chains, manufacturing and Technology. • Launched in February 2016 https://www.hyperledger.org/about Frameworks Tools Hyperledger Indy Hyperledger Fabric Hyperledger Iroha Hyperledger Sawtooth Hyperledger Burrow Hyperledger Composer Hyperledger Explorer Hyperledger Cello 29 Hyperledger Ursa
Overview of Hyperledger Fabric – Key Design Goals • The four P’s • Permissioned • Privacy • Pluggability • Performance 30
Permissioned: Existing members determine who can join the network, and update configuration Public blockchains • Download software and connect to network • Configuration updated through developer or community consensus Hyperledger Fabric • Policy-based mechanism to admit new members and to update configuration 6/8 votes (admit A: majority vote) A A B I want to invite A to network A B A B A B A B A B A B A B B I want to invite B to network A B 3/8 votes (reject B: majority vote) Permissioned != Private 31
Privacy: Smart contract execution, and transaction data storage limited to a set of nodes in the network based on policy Public blockchains • Every node runs smart contract • Every full node can potentially have a full copy of the ledger Hyperledger Fabric • A subset of nodes will run smart contracts • The ledger updates are limited to set of nodes (channel). • Nodes in a channel can directly share private data directly with subset of nodes (collections, v1.1 feature) SC SC SC SC SC SC SC SC SCSC SC Channel / Private data collection 32
Pluggability: consensus, identity provider, crypto, data format, smart contract language Public blockchains • Fixed or hard to change consensus algorithm (proof of work) • Fixed encryption (e.g., secp256k1) • Identity = public key - self • Domain specific language (DSL) for writing smart contracts Hyperledger Fabric • Pluggable consensus algorithm (PBFT, Kafka) • Pluggable crypto service provider • Pluggable identity provider, zero knowledge proofs • General data format, key / value pair • General purpose languages for writing smart contracts (Javascript, Go) 33
Hyperledger Fabric and GDPR • Transaction (oversimplification): • comprises X.509 certificate of originator containing its public key • As well as entities signing (voting) on this request • No structure of data being stored • Key / value • X.509 certificate may contain personal data - see screenshot • Values may contain personal data 34
Possible approaches for GDPR and Blockchain – and their pitfalls • Avoid storing personal data on blockchain • Anonymize data and store on blockchain • Not much business value • Encrypt data and store on blockchain • Encryption can be broken one day • Pseudonymize personal data • A random identifier stored in blockchain in lieu of personal data • An off-blockchain database stores the link between random identifier and personal data • Logical deletion achieved by deleting personal data from off-blockchain database • Permissioned private blockchains • Establishing a governance process of which information will be stored in blockchain is critical go ensuring adherence to GDPR 35
Conclusion • Start with big picture – establish governance process • Avoid storing personal data on blockchain • If blockchain is unavoidable, consider permissioned private blockchains • Be as clear and as transparent to your users 36

Recommended

GDPR considerations for blockchain solution architects.
GDPR considerations for blockchain solution architects.GDPR considerations for blockchain solution architects.
GDPR considerations for blockchain solution architects.
Salman Baset
 
GDPR - 5 Months On!
GDPR - 5 Months On!GDPR - 5 Months On!
GDPR - 5 Months On!
BrightPay Payroll and Auto Enrolment Software
 
GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsGDPR and evolving international privacy regulations
GDPR and evolving international privacy regulations
Ulf Mattsson
 
GDPR and personal data protection in EU research projects
GDPR and personal data protection in EU research projectsGDPR and personal data protection in EU research projects
GDPR and personal data protection in EU research projects
Lorenzo Mannella
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulations
Ulf Mattsson
 
India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law
Priyanka Aash
 
Beginning your General Data Protection Regulation (GDPR) Journey
Beginning your General Data Protection Regulation (GDPR) JourneyBeginning your General Data Protection Regulation (GDPR) Journey
Beginning your General Data Protection Regulation (GDPR) Journey
Microsoft Österreich
 
GDPR for developers
GDPR for developersGDPR for developers
GDPR for developers
Bozhidar Bozhanov
 

Recommended

GDPR considerations for blockchain solution architects.
GDPR considerations for blockchain solution architects.GDPR considerations for blockchain solution architects.
GDPR considerations for blockchain solution architects.
Salman Baset
 
GDPR - 5 Months On!
GDPR - 5 Months On!GDPR - 5 Months On!
GDPR - 5 Months On!
BrightPay Payroll and Auto Enrolment Software
 
GDPR and evolving international privacy regulations
GDPR and evolving international privacy regulationsGDPR and evolving international privacy regulations
GDPR and evolving international privacy regulations
Ulf Mattsson
 
GDPR and personal data protection in EU research projects
GDPR and personal data protection in EU research projectsGDPR and personal data protection in EU research projects
GDPR and personal data protection in EU research projects
Lorenzo Mannella
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulations
Ulf Mattsson
 
India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law India'a Proposed Privacy & Personal Data Protection Law
India'a Proposed Privacy & Personal Data Protection Law
Priyanka Aash
 
Beginning your General Data Protection Regulation (GDPR) Journey
Beginning your General Data Protection Regulation (GDPR) JourneyBeginning your General Data Protection Regulation (GDPR) Journey
Beginning your General Data Protection Regulation (GDPR) Journey
Microsoft Österreich
 
GDPR for developers
GDPR for developersGDPR for developers
GDPR for developers
Bozhidar Bozhanov
 
Do You Have a Roadmap for EU GDPR Compliance?
Do You Have a Roadmap for EU GDPR Compliance?Do You Have a Roadmap for EU GDPR Compliance?
Do You Have a Roadmap for EU GDPR Compliance?
Ulf Mattsson
 
Quick Introduction to the EU GDPR by Sami Zahran
Quick Introduction to the EU GDPR by Sami ZahranQuick Introduction to the EU GDPR by Sami Zahran
Quick Introduction to the EU GDPR by Sami Zahran
Dr. Sami Zahran
 
Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...
Ulf Mattsson
 
Alternatives for copyright protection online
Alternatives for copyright protection onlineAlternatives for copyright protection online
Alternatives for copyright protection online
Bozhidar Bozhanov
 
BigID GDPR Compliance Automation Webinar Slides
BigID GDPR Compliance Automation Webinar SlidesBigID GDPR Compliance Automation Webinar Slides
BigID GDPR Compliance Automation Webinar Slides
Dimitri Sirota
 
Do You Have a Roadmap for EU GDPR Compliance? Article
Do You Have a Roadmap for EU GDPR Compliance? ArticleDo You Have a Roadmap for EU GDPR Compliance? Article
Do You Have a Roadmap for EU GDPR Compliance? Article
Ulf Mattsson
 
Gdpr action plan
Gdpr action plan Gdpr action plan
Gdpr action plan
Ulf Mattsson
 
Checklist for SMEs for GDPR compliance
Checklist for SMEs for GDPR complianceChecklist for SMEs for GDPR compliance
Checklist for SMEs for GDPR compliance
Sarah Fox
 
Getting Started with GDPR Compliance
Getting Started with GDPR ComplianceGetting Started with GDPR Compliance
Getting Started with GDPR Compliance
DATAVERSITY
 
Ensuring GDPR Compliance - A Zymplify Guide
Ensuring GDPR Compliance - A Zymplify GuideEnsuring GDPR Compliance - A Zymplify Guide
Ensuring GDPR Compliance - A Zymplify Guide
Zymplify
 
Understanding the EU's new General Data Protection Regulation (GDPR)
Understanding the EU's new General Data Protection Regulation (GDPR)Understanding the EU's new General Data Protection Regulation (GDPR)
Understanding the EU's new General Data Protection Regulation (GDPR)
Acquia
 
GDPR and Hadoop
GDPR and HadoopGDPR and Hadoop
GDPR and Hadoop
Janosch Woschitz
 
GDPR Ramifications of Blockchain Technologies
GDPR Ramifications of Blockchain TechnologiesGDPR Ramifications of Blockchain Technologies
GDPR Ramifications of Blockchain Technologies
Parsons Behle & Latimer
 
GDPR - a view for the non experts
GDPR - a view for the non expertsGDPR - a view for the non experts
GDPR - a view for the non experts
Claudio Bolla, CISM
 
GDPR: Your Journey to Compliance
GDPR: Your Journey to ComplianceGDPR: Your Journey to Compliance
GDPR: Your Journey to Compliance
Cobweb
 
General Data Protection Regulation (GDPR) - Moving from confusion to readiness
General Data Protection Regulation (GDPR) - Moving from confusion to readinessGeneral Data Protection Regulation (GDPR) - Moving from confusion to readiness
General Data Protection Regulation (GDPR) - Moving from confusion to readiness
Omo Osagiede
 
GDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection RegulationGDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection Regulation
Vicky Dallas
 
What does GDPR mean for your charity?
What does GDPR mean for your charity?What does GDPR mean for your charity?
What does GDPR mean for your charity?
NCVO - National Council for Voluntary Organisations
 
GDPR practical info session for development
GDPR practical info session for developmentGDPR practical info session for development
GDPR practical info session for development
Tomppa Järvinen
 
GDPR From Implementation to Opportunity
GDPR From Implementation to OpportunityGDPR From Implementation to Opportunity
GDPR From Implementation to Opportunity
Dean Sappey
 
State regulation of information protection in the cloud - international and K...
State regulation of information protection in the cloud - international and K...State regulation of information protection in the cloud - international and K...
State regulation of information protection in the cloud - international and K...
Vsevolod Shabad
 
The Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPRThe Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPR
Case IQ
 

More Related Content

What's hot

Do You Have a Roadmap for EU GDPR Compliance?
Do You Have a Roadmap for EU GDPR Compliance?Do You Have a Roadmap for EU GDPR Compliance?
Do You Have a Roadmap for EU GDPR Compliance?
Ulf Mattsson
 
Quick Introduction to the EU GDPR by Sami Zahran
Quick Introduction to the EU GDPR by Sami ZahranQuick Introduction to the EU GDPR by Sami Zahran
Quick Introduction to the EU GDPR by Sami Zahran
Dr. Sami Zahran
 
Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...
Ulf Mattsson
 
Alternatives for copyright protection online
Alternatives for copyright protection onlineAlternatives for copyright protection online
Alternatives for copyright protection online
Bozhidar Bozhanov
 
BigID GDPR Compliance Automation Webinar Slides
BigID GDPR Compliance Automation Webinar SlidesBigID GDPR Compliance Automation Webinar Slides
BigID GDPR Compliance Automation Webinar Slides
Dimitri Sirota
 
Do You Have a Roadmap for EU GDPR Compliance? Article
Do You Have a Roadmap for EU GDPR Compliance? ArticleDo You Have a Roadmap for EU GDPR Compliance? Article
Do You Have a Roadmap for EU GDPR Compliance? Article
Ulf Mattsson
 
Gdpr action plan
Gdpr action plan Gdpr action plan
Gdpr action plan
Ulf Mattsson
 
Checklist for SMEs for GDPR compliance
Checklist for SMEs for GDPR complianceChecklist for SMEs for GDPR compliance
Checklist for SMEs for GDPR compliance
Sarah Fox
 
Getting Started with GDPR Compliance
Getting Started with GDPR ComplianceGetting Started with GDPR Compliance
Getting Started with GDPR Compliance
DATAVERSITY
 
Ensuring GDPR Compliance - A Zymplify Guide
Ensuring GDPR Compliance - A Zymplify GuideEnsuring GDPR Compliance - A Zymplify Guide
Ensuring GDPR Compliance - A Zymplify Guide
Zymplify
 
Understanding the EU's new General Data Protection Regulation (GDPR)
Understanding the EU's new General Data Protection Regulation (GDPR)Understanding the EU's new General Data Protection Regulation (GDPR)
Understanding the EU's new General Data Protection Regulation (GDPR)
Acquia
 
GDPR and Hadoop
GDPR and HadoopGDPR and Hadoop
GDPR and Hadoop
Janosch Woschitz
 
GDPR Ramifications of Blockchain Technologies
GDPR Ramifications of Blockchain TechnologiesGDPR Ramifications of Blockchain Technologies
GDPR Ramifications of Blockchain Technologies
Parsons Behle & Latimer
 
GDPR - a view for the non experts
GDPR - a view for the non expertsGDPR - a view for the non experts
GDPR - a view for the non experts
Claudio Bolla, CISM
 
GDPR: Your Journey to Compliance
GDPR: Your Journey to ComplianceGDPR: Your Journey to Compliance
GDPR: Your Journey to Compliance
Cobweb
 
General Data Protection Regulation (GDPR) - Moving from confusion to readiness
General Data Protection Regulation (GDPR) - Moving from confusion to readinessGeneral Data Protection Regulation (GDPR) - Moving from confusion to readiness
General Data Protection Regulation (GDPR) - Moving from confusion to readiness
Omo Osagiede
 
GDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection RegulationGDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection Regulation
Vicky Dallas
 
What does GDPR mean for your charity?
What does GDPR mean for your charity?What does GDPR mean for your charity?
What does GDPR mean for your charity?
NCVO - National Council for Voluntary Organisations
 
GDPR practical info session for development
GDPR practical info session for developmentGDPR practical info session for development
GDPR practical info session for development
Tomppa Järvinen
 
GDPR From Implementation to Opportunity
GDPR From Implementation to OpportunityGDPR From Implementation to Opportunity
GDPR From Implementation to Opportunity
Dean Sappey
 

What's hot (20)

Do You Have a Roadmap for EU GDPR Compliance?
Do You Have a Roadmap for EU GDPR Compliance?Do You Have a Roadmap for EU GDPR Compliance?
Do You Have a Roadmap for EU GDPR Compliance?
 
Quick Introduction to the EU GDPR by Sami Zahran
Quick Introduction to the EU GDPR by Sami ZahranQuick Introduction to the EU GDPR by Sami Zahran
Quick Introduction to the EU GDPR by Sami Zahran
 
Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...
 
Alternatives for copyright protection online
Alternatives for copyright protection onlineAlternatives for copyright protection online
Alternatives for copyright protection online
 
BigID GDPR Compliance Automation Webinar Slides
BigID GDPR Compliance Automation Webinar SlidesBigID GDPR Compliance Automation Webinar Slides
BigID GDPR Compliance Automation Webinar Slides
 
Do You Have a Roadmap for EU GDPR Compliance? Article
Do You Have a Roadmap for EU GDPR Compliance? ArticleDo You Have a Roadmap for EU GDPR Compliance? Article
Do You Have a Roadmap for EU GDPR Compliance? Article
 
Gdpr action plan
Gdpr action plan Gdpr action plan
Gdpr action plan
 
Checklist for SMEs for GDPR compliance
Checklist for SMEs for GDPR complianceChecklist for SMEs for GDPR compliance
Checklist for SMEs for GDPR compliance
 
Getting Started with GDPR Compliance
Getting Started with GDPR ComplianceGetting Started with GDPR Compliance
Getting Started with GDPR Compliance
 
Ensuring GDPR Compliance - A Zymplify Guide
Ensuring GDPR Compliance - A Zymplify GuideEnsuring GDPR Compliance - A Zymplify Guide
Ensuring GDPR Compliance - A Zymplify Guide
 
Understanding the EU's new General Data Protection Regulation (GDPR)
Understanding the EU's new General Data Protection Regulation (GDPR)Understanding the EU's new General Data Protection Regulation (GDPR)
Understanding the EU's new General Data Protection Regulation (GDPR)
 
GDPR and Hadoop
GDPR and HadoopGDPR and Hadoop
GDPR and Hadoop
 
GDPR Ramifications of Blockchain Technologies
GDPR Ramifications of Blockchain TechnologiesGDPR Ramifications of Blockchain Technologies
GDPR Ramifications of Blockchain Technologies
 
GDPR - a view for the non experts
GDPR - a view for the non expertsGDPR - a view for the non experts
GDPR - a view for the non experts
 
GDPR: Your Journey to Compliance
GDPR: Your Journey to ComplianceGDPR: Your Journey to Compliance
GDPR: Your Journey to Compliance
 
General Data Protection Regulation (GDPR) - Moving from confusion to readiness
General Data Protection Regulation (GDPR) - Moving from confusion to readinessGeneral Data Protection Regulation (GDPR) - Moving from confusion to readiness
General Data Protection Regulation (GDPR) - Moving from confusion to readiness
 
GDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection RegulationGDPR Basics - General Data Protection Regulation
GDPR Basics - General Data Protection Regulation
 
What does GDPR mean for your charity?
What does GDPR mean for your charity?What does GDPR mean for your charity?
What does GDPR mean for your charity?
 
GDPR practical info session for development
GDPR practical info session for developmentGDPR practical info session for development
GDPR practical info session for development
 
GDPR From Implementation to Opportunity
GDPR From Implementation to OpportunityGDPR From Implementation to Opportunity
GDPR From Implementation to Opportunity
 

Similar to GDPR and Blockchain

State regulation of information protection in the cloud - international and K...
State regulation of information protection in the cloud - international and K...State regulation of information protection in the cloud - international and K...
State regulation of information protection in the cloud - international and K...
Vsevolod Shabad
 
The Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPRThe Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPR
Case IQ
 
How MongoDB can accelerate a path to GDPR compliance
How MongoDB can accelerate a path to GDPR complianceHow MongoDB can accelerate a path to GDPR compliance
How MongoDB can accelerate a path to GDPR compliance
MongoDB
 
Data protection by design and by default on the blockchain
Data protection by design and by default on the blockchainData protection by design and by default on the blockchain
Data protection by design and by default on the blockchain
Alexandra Giannopoulou
 
ISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniquesISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniques
Ulf Mattsson
 
Distributed data protection and liability on the blockchain
Distributed data protection and liability on the blockchainDistributed data protection and liability on the blockchain
Distributed data protection and liability on the blockchain
Alexandra Giannopoulou
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready?
SecurityScorecard
 
GCCS-privacy-PP-final presentation-3-1.pptx
GCCS-privacy-PP-final presentation-3-1.pptxGCCS-privacy-PP-final presentation-3-1.pptx
GCCS-privacy-PP-final presentation-3-1.pptx
MuhammadAbdullah311866
 
Data Residency: Challenges and the Need for Standards
Data Residency: Challenges and the Need for StandardsData Residency: Challenges and the Need for Standards
Data Residency: Challenges and the Need for Standards
Cloud Standards Customer Council
 
GDPR and IoT: What do you need to know?
GDPR and IoT: What do you need to know?GDPR and IoT: What do you need to know?
GDPR and IoT: What do you need to know?
MicheleNati
 
The death of data protection sans obama
The death of data protection sans obamaThe death of data protection sans obama
The death of data protection sans obamaLilian Edwards
 
The death of data protection
The death of data protection The death of data protection
The death of data protection
Lilian Edwards
 
Kasita's presentation
Kasita's presentationKasita's presentation
Kasita's presentationChande Kasita
 
Analytics in Action - Data Protection
Analytics in Action - Data ProtectionAnalytics in Action - Data Protection
Analytics in Action - Data Protection
Lee Schlenker
 
GDPR for dummies
GDPR for dummies GDPR for dummies
GDPR for dummies
Benoît De Nayer
 
Kawser Hamid : ICO and Data Protection in the Cloud
Kawser Hamid : ICO and Data Protection in the CloudKawser Hamid : ICO and Data Protection in the Cloud
Kawser Hamid : ICO and Data Protection in the Cloud
Gurbir Singh
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?
Ulf Mattsson
 
ISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloud
Ulf Mattsson
 
SoBigData. European Research Infrastructure for Big Data and Social Mining
SoBigData. European Research Infrastructure for Big Data and Social MiningSoBigData. European Research Infrastructure for Big Data and Social Mining
SoBigData. European Research Infrastructure for Big Data and Social Mining
Research Data Alliance
 
Recent developments and future challenges in privacy
Recent developments and future challenges in privacyRecent developments and future challenges in privacy
Recent developments and future challenges in privacy
PECB
 

Similar to GDPR and Blockchain (20)

State regulation of information protection in the cloud - international and K...
State regulation of information protection in the cloud - international and K...State regulation of information protection in the cloud - international and K...
State regulation of information protection in the cloud - international and K...
 
The Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPRThe Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPR
 
How MongoDB can accelerate a path to GDPR compliance
How MongoDB can accelerate a path to GDPR complianceHow MongoDB can accelerate a path to GDPR compliance
How MongoDB can accelerate a path to GDPR compliance
 
Data protection by design and by default on the blockchain
Data protection by design and by default on the blockchainData protection by design and by default on the blockchain
Data protection by design and by default on the blockchain
 
ISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniquesISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniques
 
Distributed data protection and liability on the blockchain
Distributed data protection and liability on the blockchainDistributed data protection and liability on the blockchain
Distributed data protection and liability on the blockchain
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready?
 
GCCS-privacy-PP-final presentation-3-1.pptx
GCCS-privacy-PP-final presentation-3-1.pptxGCCS-privacy-PP-final presentation-3-1.pptx
GCCS-privacy-PP-final presentation-3-1.pptx
 
Data Residency: Challenges and the Need for Standards
Data Residency: Challenges and the Need for StandardsData Residency: Challenges and the Need for Standards
Data Residency: Challenges and the Need for Standards
 
GDPR and IoT: What do you need to know?
GDPR and IoT: What do you need to know?GDPR and IoT: What do you need to know?
GDPR and IoT: What do you need to know?
 
The death of data protection sans obama
The death of data protection sans obamaThe death of data protection sans obama
The death of data protection sans obama
 
The death of data protection
The death of data protection The death of data protection
The death of data protection
 
Kasita's presentation
Kasita's presentationKasita's presentation
Kasita's presentation
 
Analytics in Action - Data Protection
Analytics in Action - Data ProtectionAnalytics in Action - Data Protection
Analytics in Action - Data Protection
 
GDPR for dummies
GDPR for dummies GDPR for dummies
GDPR for dummies
 
Kawser Hamid : ICO and Data Protection in the Cloud
Kawser Hamid : ICO and Data Protection in the CloudKawser Hamid : ICO and Data Protection in the Cloud
Kawser Hamid : ICO and Data Protection in the Cloud
 
What is tokenization in blockchain?
What is tokenization in blockchain?What is tokenization in blockchain?
What is tokenization in blockchain?
 
ISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloudISSA Atlanta - Emerging application and data protection for multi cloud
ISSA Atlanta - Emerging application and data protection for multi cloud
 
SoBigData. European Research Infrastructure for Big Data and Social Mining
SoBigData. European Research Infrastructure for Big Data and Social MiningSoBigData. European Research Infrastructure for Big Data and Social Mining
SoBigData. European Research Infrastructure for Big Data and Social Mining
 
Recent developments and future challenges in privacy
Recent developments and future challenges in privacyRecent developments and future challenges in privacy
Recent developments and future challenges in privacy
 

More from Salman Baset

Blockchain - Beyond the Hype
Blockchain - Beyond the HypeBlockchain - Beyond the Hype
Blockchain - Beyond the Hype
Salman Baset
 
Container Security
Container SecurityContainer Security
Container Security
Salman Baset
 
Dissecting Open Source Cloud Evolution: An OpenStack Case Study
Dissecting Open Source Cloud Evolution: An OpenStack Case StudyDissecting Open Source Cloud Evolution: An OpenStack Case Study
Dissecting Open Source Cloud Evolution: An OpenStack Case Study
Salman Baset
 
Open Source Cloud Technologies
Open Source Cloud TechnologiesOpen Source Cloud Technologies
Open Source Cloud Technologies
Salman Baset
 
Cloud SLAs: Present and Future
Cloud SLAs: Present and FutureCloud SLAs: Present and Future
Cloud SLAs: Present and Future
Salman Baset
 
SPEC Cloud (TM) IaaS 2016 Benchmark
SPEC Cloud (TM) IaaS 2016 BenchmarkSPEC Cloud (TM) IaaS 2016 Benchmark
SPEC Cloud (TM) IaaS 2016 Benchmark
Salman Baset
 
A Survey of Container Security in 2016: A Security Update on Container Platforms
A Survey of Container Security in 2016: A Security Update on Container PlatformsA Survey of Container Security in 2016: A Security Update on Container Platforms
A Survey of Container Security in 2016: A Security Update on Container Platforms
Salman Baset
 
Unraveling Docker Security: Lessons From a Production Cloud
Unraveling Docker Security: Lessons From a Production CloudUnraveling Docker Security: Lessons From a Production Cloud
Unraveling Docker Security: Lessons From a Production Cloud
Salman Baset
 

More from Salman Baset (8)

Blockchain - Beyond the Hype
Blockchain - Beyond the HypeBlockchain - Beyond the Hype
Blockchain - Beyond the Hype
 
Container Security
Container SecurityContainer Security
Container Security
 
Dissecting Open Source Cloud Evolution: An OpenStack Case Study
Dissecting Open Source Cloud Evolution: An OpenStack Case StudyDissecting Open Source Cloud Evolution: An OpenStack Case Study
Dissecting Open Source Cloud Evolution: An OpenStack Case Study
 
Open Source Cloud Technologies
Open Source Cloud TechnologiesOpen Source Cloud Technologies
Open Source Cloud Technologies
 
Cloud SLAs: Present and Future
Cloud SLAs: Present and FutureCloud SLAs: Present and Future
Cloud SLAs: Present and Future
 
SPEC Cloud (TM) IaaS 2016 Benchmark
SPEC Cloud (TM) IaaS 2016 BenchmarkSPEC Cloud (TM) IaaS 2016 Benchmark
SPEC Cloud (TM) IaaS 2016 Benchmark
 
A Survey of Container Security in 2016: A Security Update on Container Platforms
A Survey of Container Security in 2016: A Security Update on Container PlatformsA Survey of Container Security in 2016: A Security Update on Container Platforms
A Survey of Container Security in 2016: A Security Update on Container Platforms
 
Unraveling Docker Security: Lessons From a Production Cloud
Unraveling Docker Security: Lessons From a Production CloudUnraveling Docker Security: Lessons From a Production Cloud
Unraveling Docker Security: Lessons From a Production Cloud
 

Recently uploaded

Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
Elena Simperl
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Product School
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Albert Hoitingh
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
Prayukth K V
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
ControlCase
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
DianaGray10
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
Cheryl Hung
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Jeffrey Haguewood
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Product School
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
Product School
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
Frank van Harmelen
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Inflectra
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
Product School
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
Dorra BARTAGUIZ
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
Safe Software
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
91mobiles
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance
 

Recently uploaded (20)

Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...When stars align: studies in data quality, knowledge graphs, and machine lear...
When stars align: studies in data quality, knowledge graphs, and machine lear...
 
Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...Mission to Decommission: Importance of Decommissioning Products to Increase E...
Mission to Decommission: Importance of Decommissioning Products to Increase E...
 
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
Encryption in Microsoft 365 - ExpertsLive Netherlands 2024
 
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 previewState of ICS and IoT Cyber Threat Landscape Report 2024 preview
State of ICS and IoT Cyber Threat Landscape Report 2024 preview
 
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdfFIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
FIDO Alliance Osaka Seminar: Passkeys at Amazon.pdf
 
PCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase TeamPCI PIN Basics Webinar from the Controlcase Team
PCI PIN Basics Webinar from the Controlcase Team
 
UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4UiPath Test Automation using UiPath Test Suite series, part 4
UiPath Test Automation using UiPath Test Suite series, part 4
 
Key Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdfKey Trends Shaping the Future of Infrastructure.pdf
Key Trends Shaping the Future of Infrastructure.pdf
 
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...
 
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdfFIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
FIDO Alliance Osaka Seminar: FIDO Security Aspects.pdf
 
Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...Designing Great Products: The Power of Design and Leadership by Chief Designe...
Designing Great Products: The Power of Design and Leadership by Chief Designe...
 
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
From Daily Decisions to Bottom Line: Connecting Product Work to Revenue by VP...
 
Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*Neuro-symbolic is not enough, we need neuro-*semantic*
Neuro-symbolic is not enough, we need neuro-*semantic*
 
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualitySoftware Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered Quality
 
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
De-mystifying Zero to One: Design Informed Techniques for Greenfield Innovati...
 
Elevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object CalisthenicsElevating Tactical DDD Patterns Through Object Calisthenics
Elevating Tactical DDD Patterns Through Object Calisthenics
 
Essentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with ParametersEssentials of Automations: Optimizing FME Workflows with Parameters
Essentials of Automations: Optimizing FME Workflows with Parameters
 
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdfSmart TV Buyer Insights Survey 2024 by 91mobiles.pdf
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf
 
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdfFIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf
 

GDPR and Blockchain

  • 1. General Data Protection Regulation (GDPR) and Blockchain Salman Baset 1
  • 2. Outline • GDPR and blockchain - summary • GDPR • What is GDPR? • Who are the actors? • What is personal data? • What are rights of a person? • What are the responsibilities of a controller? • Myths about GDPR • GDPR in action • Blockchain • What is blockchain? • Bitcoin – what is it and how people use it • Who is the data controller in bitcoin? • Types of blockchain • Properties of blockchain that are challenging for GDPR • Permissioned private blockchains and GDPR • GDPR and Blockchain • Possible approaches and their pitfalls 2
  • 3. Disclaimer • General Data Protection Regulation (GDPR) is a law. • I am not a lawyer; I am a security professional who has applied GDPR in permissioned private blockchains. • I am involved in various open source blockchain initiatives such as Hyperledger. 3
  • 4. GDPR and Blockchain* GDPR compliance is not about the technology, it is about how the technology is used Just like there is no GDPR-compliant Internet. Or there is no GDPR-compliant Artificial Intelligence. Similarly, there is no such thing as GDPR-compliant blockchain technology. There are only GDPR-compliant use cases and applications. The general approach for a use or an application is to avoid storing personal data on blockchain. https://www.eublockchainforum.eu/sites/default/files/reports/20181016_report_gdpr.pdf?width=1024&height=800&iframe=true 4
  • 5. What is GDPR? • A law that regulates the processing by an individual, a company, or an organization of personal data relating to individuals in the EU+. https://www.bbc.com/news/world-middle-east-24367705 EU has 28 member states • Switzerland is not a EU member • Norway is not a EU member • Brexit (United Kingdom) and GDPR? Affects every sector, from healthcare, to Internet services, to banking, and beyond. Individuals: applies to EU citizens as well as non-citizens in EU. GDPR came into effect on May 25, 2018. GDPR has 99 Articles and 173 recitals. + https://ec.europa.eu/info/law/law-topic/data-protection/reform/what-does-general-data-protection-regulation-gdpr-govern_en 5
  • 6. Who are the actors in GDPR? Data subject. Article 4(1). “‘person data’ means any information relating to an identified or identifiable natural person (‘data subject’)” Example: you S C P Data controller. Article 4(7). … “determines the purpose and means of the processing of personal data”… Example: University is a data controller. Data processor. Article 4(8). “ ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.” Example: University email service provided by a cloud service provider. DPO Data protection officer. Article 37-39. appointed by a controller and a processor to advise employees and monitor compliance Example: University privacy officer SA Supervisory authority. Article 4(21) and Article 51. An EU country-specific authority for monitoring compliance to GDPR DPB Data Protection Board. Article 68. Ensure consistent application of GDPR. monitor companycountryEU 6
  • 7. What is personal data? • Some things are obvious • Name • Biometric data • Racial or ethnic origin • Religious or political beliefs • Health data • Sex life and sexual orientation • Some things are not so obvious • IP address • Cookie ID • Employment and education history 7
  • 8. What are the rights of a data subject? Articles 12-23 Some examples in the blockchain context • Right to rectification – Article 16 • Right to be erasure – Article 17 • Right to restriction of processing – Article 18 • Right to data portability – Article 19 S 8
  • 9. What are the responsibilities of data controller and processor? • Many • Security of processing – Article 32 • “Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate: • pseudonymization and encryption of data • the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;” • Notification of a personal data breach to the supervisory authority. Article 33. 9
  • 10. Where does a data controller or a processor typically find personal data? • Customer relationship management (CRM) databases • Human resource management (HRM) databases • Web server logs • Data backups / data warehouse 10
  • 11. Myths about GDPR • EU personal data must reside within a data center in EU. • False • GDPR applies when a EU person visits another country • False. Law of another country applies. • There are no exceptions in GDPR. • False. See above about law of another country. Other examples include law enforcement, public safety. • Office address is personal data? • False, but it depends. Your name with office address becomes personal data. 11
  • 12. How is GDPR doing since its release? • More companies reporting breaches • Fine imposed on British Airways • https://www.bbc.com/news/business-48905907 • Who is next? J 12
  • 13. Outline • GDPR and blockchain - summary • GDPR • What is GDPR? • Who are the actors? • What is personal data? • What are rights of a person? • What are the responsibilities of a controller? • Myths about GDPR • GDPR in action • Blockchain • What is blockchain? • Bitcoin – what is it and how people use it • Who is the data controller in bitcoin? • Types of blockchain • Properties of blockchain that are challenging for GDPR • Permissioned private blockchains and GDPR • GDPR and Blockchain • Possible approaches and their pitfalls 13
  • 14. What is blockchain? • NIST.IR.8202 • (first two lines of intro) Blockchains are tamper evident and tamper resistant digital ledgers implemented in a distributed fashion (i.e., without a central repository) and usually without a central authority (i.e., a bank, company, or government). At their basic level, they enable a community of users to record transactions in a shared ledger within that community, such that under normal operation of the blockchain network no transaction can be changed once published. What is a block? – grouping of transactions What is a transaction? – a mechanism to update the ledger Does the definition clearly state the append-only aspect of ledger? 14
  • 15. What is a “ledger”? • https://www.merriam-webster.com/dictionary/ledger • a book containing accounts to which debits and credits are posted from books of original entry • a horizontal board used for vertical support (as in scaffolding) • The ledger familiar to “most” of us…? • Personal journal 15
  • 16. Ledger vs. personal journal Ledger Personal journal Written on Paper with typically pen Paper, with pen or pencil Can also be written with IT system (e.g., computer, SaaS) IT system (e.g., computer, SaaS) Record of who made changes Important Not so much Common primary application Recording monetary transactions Thoughts Information lay out Structure (tabular), credit/debit, with dates Usually with dates Information is appended? Typically, yes Typically, yes Shared with others Employees (probably). Other entities, no, unless IRS J Depends J 16
  • 17. What is a digital ledger? • A ledger stored in a digital form • On a (personal) computer or a set of computers • Can contain data ranging from few bytes to peta bytes, and beyond • What is distributed paper ledger? • Create copies of paper and distribute it to relevant folks whenever there is a change? • What is a distributed digital ledger? (or simply distributed ledger) • Ledgers stored in digital form on a set of computers (e.g., cloud), where data repository is not confined to a single computer (NIST: without central repository). The structure of the information stored within the ledger depends on the application. 17
  • 18. Tamper evident and tamper resistant • Immutable: Merriam-Webster • https://www.merriam-webster.com/dictionary/immutable • not capable of or susceptible to change • Why do we write personal checks with a pen and not with a pencil? • May be, no one writes personal checks these days J • tamper evident and tamper resistant – to an extent • Can a (distributed) digital ledger be changed? • Of course! • How to detect changes to a (distributed) digital ledger and prevent changes? • Detect changes: audit logs • Prevent unauthorized changes: authz, authn (requires identity) 18
  • 19. [Lack of] Central authority or central repository - Examples • I run a database on my single machine. • Central repository? • Central authority? • A big search engine has a massive farm of distributed machines connected over network, that work together to respond to search queries. • Central repository? • Central authority? • A music file-sharing system (Napster) has a central list of which users have files, but files are downloaded peer-to-peer. • Central authority? • Central repository? • A file-sharing network has a distributed index of files and file chunks. • Central repository? • Central authority? 19 Who is data controller and data processor?
  • 20. What is Bitcoin? – from the paper Conclusion We have proposed a system for electronic transactions without relying on trust. We started with the usual framework of coins made from digital signatures, which provides strong control of ownership, but is incomplete without a way to prevent double-spending. To solve this, we proposed a peer-to-peer network using proof- of-work to record a public history of transactions that quickly becomes computationally impractical for an attacker to change if honest nodes control a majority of CPU power. The network is robust in its unstructured simplicity. Nodes work all at once with little coordination. They do not need to be identified, since messages are not routed to any particular place and only need to be delivered on a best effort basis. Nodes can leave and rejoin the network at will, accepting the proof-of-work chain as proof of what happened while they were gone. They vote with their CPU power, expressing their acceptance of valid blocks by working on extending them and rejecting invalid blocks by refusing to work on them. Any needed rules and incentives can be enforced with this consensus mechanism. 20
  • 21. What is Bitcoin? – from the paper Conclusion We have proposed a system for electronic transactions without relying on trust. We started with the usual framework of coins made from digital signatures, which provides strong control of ownership, but is incomplete without a way to prevent double-spending. To solve this, we proposed a peer-to-peer network using proof- of-work to record a public history of transactions that quickly becomes computationally impractical for an attacker to change if honest nodes control a majority of CPU power. The network is robust in its unstructured simplicity. Nodes work all at once with little coordination. They do not need to be identified, since messages are not routed to any particular place and only need to be delivered on a best effort basis. Nodes can leave and rejoin the network at will, accepting the proof-of-work chain as proof of what happened while they were gone. They vote with their CPU power, expressing their acceptance of valid blocks by working on extending them and rejecting invalid blocks by refusing to work on them. Any needed rules and incentives can be enforced with this consensus mechanism. https://bitcoin.org/bitcoin.pdf So, no non-electronic (aka paper) transactions? all over the world? distributed? anonymity is a goal ? anyone can join and leave consensus algorithm is fixed. interesting 21
  • 22. What is Bitcoin? – A geographically distributed peer-to- peer network Bitcoin ledger Bitcoin ledger Bitcoin ledger Bitcoin ledger Bitcoin ledger Bitcoin ledger Bitcoin ledger Bitcoin ledger Bitcoin ledger 22
  • 23. Bitcoin: Blocks and Transactions Block N T1 T2: A -> B T3 T4 Block N+1 B->C Block N+2 C->D H(N) H(N+1) T1 T2 T3 T4 H() H() H() H() H() H() H(N) Transaction (oversimplification): - comprises the public key of the sender - Signed structured data (with private key of transaction originator) that indicates some transfer of bitcoins - The structured contains information about transfer of Bitcoins e.g., - S_key, Coin=1, R_key, Coin=2 S_key, Coin=0, R_key, Coin=3 - Public key of receiver 23 Does Bitcoin store personal information? No. However, if public keys can be attributed to a person with high fidelity, there is presently no way to break that linkage. e.g., by purging those transactions from the bitcoin ledger.
  • 24. How to people use Bitcoin? • Through an intermediary • Bitcoin exchange • Payment exchange • Directly – by running the software 24
  • 25. Who is the data controller / processor for Bitcoin? • Through an intermediary • Bitcoin exchange • Payment exchange • Intermediary becomes the data controller • Directly – by running the software • Can a peer-to-peer network which is not under anyone’s control be a data controller? • Are core software developers of Bitcoin data controllers? 25
  • 26. Distributed Ledger Technologies aka Blockchain categorization Drive value of cryptocurrency Cryptocurrency for a business use-case Blockchain for business Anonymous Permissioned CryptocurrencyNon-Cryptocurrency Standards bodies and consortiums 26
  • 27. Types of blockchain • What is public blockchain • Ledger is public – accessible by anyone • What is permission-less public blockchain? • Ledger is public, and anyone can join the network. (Bitcoin) • What is permissioned public blockchain • Ledger is public, but approvals required before joining the network. (Sovrin foundation, potentially Hyperledger Fabric also) • What is permissioned private blockchain? • Ledger is private, and approvals required before joining the network (Hyperledger Fabric) • What is permission-less private blockchain? • Good question :). Ledgers are private, but how can anyone join a private blockchain? 27
  • 28. Blockchain properties that are challenging for GDPR • Distributed – distributed without consent • Immutable – existing data cannot be changed • Permanent - existing data cannot be changed. Record is permanent 28
  • 29. What is Hyperledger? • Hyperledger is an open source collaborative effort created to advance cross-industry blockchain technologies. It is a global collaboration, hosted by The Linux Foundation, including leaders in finance, banking, Internet of Things, supply chains, manufacturing and Technology. • Launched in February 2016 https://www.hyperledger.org/about Frameworks Tools Hyperledger Indy Hyperledger Fabric Hyperledger Iroha Hyperledger Sawtooth Hyperledger Burrow Hyperledger Composer Hyperledger Explorer Hyperledger Cello 29 Hyperledger Ursa
  • 30. Overview of Hyperledger Fabric – Key Design Goals • The four P’s • Permissioned • Privacy • Pluggability • Performance 30
  • 31. Permissioned: Existing members determine who can join the network, and update configuration Public blockchains • Download software and connect to network • Configuration updated through developer or community consensus Hyperledger Fabric • Policy-based mechanism to admit new members and to update configuration 6/8 votes (admit A: majority vote) A A B I want to invite A to network A B A B A B A B A B A B A B B I want to invite B to network A B 3/8 votes (reject B: majority vote) Permissioned != Private 31
  • 32. Privacy: Smart contract execution, and transaction data storage limited to a set of nodes in the network based on policy Public blockchains • Every node runs smart contract • Every full node can potentially have a full copy of the ledger Hyperledger Fabric • A subset of nodes will run smart contracts • The ledger updates are limited to set of nodes (channel). • Nodes in a channel can directly share private data directly with subset of nodes (collections, v1.1 feature) SC SC SC SC SC SC SC SC SCSC SC Channel / Private data collection 32
  • 33. Pluggability: consensus, identity provider, crypto, data format, smart contract language Public blockchains • Fixed or hard to change consensus algorithm (proof of work) • Fixed encryption (e.g., secp256k1) • Identity = public key - self • Domain specific language (DSL) for writing smart contracts Hyperledger Fabric • Pluggable consensus algorithm (PBFT, Kafka) • Pluggable crypto service provider • Pluggable identity provider, zero knowledge proofs • General data format, key / value pair • General purpose languages for writing smart contracts (Javascript, Go) 33
  • 34. Hyperledger Fabric and GDPR • Transaction (oversimplification): • comprises X.509 certificate of originator containing its public key • As well as entities signing (voting) on this request • No structure of data being stored • Key / value • X.509 certificate may contain personal data - see screenshot • Values may contain personal data 34
  • 35. Possible approaches for GDPR and Blockchain – and their pitfalls • Avoid storing personal data on blockchain • Anonymize data and store on blockchain • Not much business value • Encrypt data and store on blockchain • Encryption can be broken one day • Pseudonymize personal data • A random identifier stored in blockchain in lieu of personal data • An off-blockchain database stores the link between random identifier and personal data • Logical deletion achieved by deleting personal data from off-blockchain database • Permissioned private blockchains • Establishing a governance process of which information will be stored in blockchain is critical go ensuring adherence to GDPR 35
  • 36. Conclusion • Start with big picture – establish governance process • Avoid storing personal data on blockchain • If blockchain is unavoidable, consider permissioned private blockchains • Be as clear and as transparent to your users 36