Access Control Model Extensions To Support Data Privacy Protection Based On Gdpr

The General Data Protection Regulation (GDPR) gives control of data to the data owner. It imposes several requirements and obligations on organizations that process and manage personal data of EU citizens. GDPR uses consent as a legal basis for personal data processing. We design a semantic model to represent GDPR consents; our model is explicit, understandable, and reusable. Ensuring that organizations comply with GDPR with respect to user consents is a critical issue. To address such an issue, we propose a Blockchain-based model for compliance verification. Our decentralized model ensures that only parties authorized based on users' consent can access users' data and that all activities are logged in an immutable distributed ledger. Our GDPR privacy protection framework is cast into the XACMI, reference architecture.