One of the research topics of the SPECIAL project is how public logs (‘ledgers’) can help to keep records of personal data that a person has given to a company, in such a way that the record cannot be altered, is secure for a long time, and can be verified by third parties (preferably without disclosing any personal data). A company may be bought by another, may change its computer systems, or sell its assets, but the person who gave his data must still be able to correct the data, or retract his permission for using it.
The GDPR, the European regulation governing personal data, will come into force in May 2018 and requires these characteristics. For any implementation of the requirements to be lasting and usable, it has to be based on standards. The paper by Piero Bonatti, Sabrina Kirrane, Axel Polleres and Rigo Wenning explores the issues and looks at different technologies. Questions such as interoperability between systems and how to allow errors to be corrected without compromising the integrity of the system are still not solved.