A Gap Between Blockchain and General Data Protection Regulation: A Systematic Review

Abstract

Read online

As a service platform, blockchain has faced compliance issues since the General Data Protection Regulation (GDPR) came into effect in May 2018. Although many technical solutions have been proposed to solve the compatibility issues between blockchain and the GDPR, unresolved challenges remain. This study presents the gaps between the blockchain and the GDPR and explores solutions to bridge the gap. We review 91 previously published articles using a systematic literature review methodology. Then, we answer the following research questions: 1) Which solutions have been explored to allow the blockchain to comply with the GDPR? 2) What are the research gaps in the blockchain compliance field? Finally, we present five research gaps in this field: 1) development of a consent ontology model; 2) development of a methodology for monitoring fairness in the blockchain; 3) resolution of the contradiction between auditing and obfuscation; 4) development of a methodology for tracking controllers in the blockchain; and 5) integration of the different-purposed technical solutions without conflicts. Our research can raise the compatibility level of the blockchain and GDPR and guide the company adopting a blockchain to comply with the GDPR. Furthermore, it can advise the regulator to embrace new technologies into the GDPR while protecting a blockchain’s nature.

Keywords

• Access control
• attribute-based encryption (ABE)
• blockchain
• data subject
• compliance
• confidentiality