privacyTracker: A Privacy-by-Design GDPR-Compliant Framework with Verifiable Data Traceability Controls

Breach or lack of online privacy has become almost a commonplace of today’s digital age, mainly due to the inability of either enforcing privacy requirements or imposing strict sanctions against violations. The current state of affairs in data privacy is at a turning point for companies operating in EU state members as the enforcement of the General Data Protection Regulation (GDPR) empowers users with control over their personal data, including regulating its disclosure, withdrawing disclosure consent at any given time and tracking their data trail. Compliance with the GDPR is mandatory and it requires signifiant amendments and/or restructuring of data processing routines undertaken by enterprises. Currently, there is no framework to support the GDPR principles. This paper proposes privacyTracker, a GDPR-compliant framework that supports basic GDPR principles including data traceability and allowing a user to get a cryptographically verifiable snapshot of his/her data trail.