Self-regulatory Framework for Blockchain Compliance with the General Data Protection Regulation

Since the General Data Protection Regulation (GDPR) enforcement, blockchain stakeholders worldwide have been facing regulatory compliance issues. Unfortunately, few studies have comprehensively addressed this compliance issue. Additionally, inherent blockchain immutability and transparency present challenges from a GDPR perspective. Thus, this study proposed a self-regulatory framework for blockchain compliance with the GDPR in this study. The proposed framework is a regulatory governance model that makes blockchains recognize the GDPR regulatory principles and regulates data processing activities based on these principles. Compared to previous models, the proposed framework makes considerable improvements regarding regulatory autonomy and preservation: (1) informal legal knowledge is automatically transformed into a formalized ontology model and integrated into a blockchain system in six phases with minimum intervention of centralized elements, and (2) the proposed framework has high regulatory preservation, which preserves the original legal intent of the GDPR, even during phase transition so that legal principles can be accommodated into blockchains without any loss of meaning. Moreover, the proposed framework was implemented as a pilot in the Hyperledger Fabric test network; the feasibility of program implementation was demonstrated using scenario-based tests. This study is thus very valuable in demonstrating an early self-regulatory framework for blockchains that are in the blind spot of the regulations.