GDPR
Generated from the RDF ontology.
Regulation: (EU) 2016/679 | Mode: Process Mode | Blockchain fit: Strong
Protocol patterns
```mermaid
graph TB
    GDPR{"📋 GDPR"}
    Commitment_then_Submit{{"⚙️ Commitment-then-Submit"}}
    GDPR --> Commitment_then_Submit
    Lifecycle_State_Machine{{"⚙️ Lifecycle State Machine"}}
    GDPR --> Lifecycle_State_Machine
    MPT_per_Operator{{"⚙️ MPT-per-Operator"}}
    GDPR --> MPT_per_Operator
    Operator_as_Aggregator{{"⚙️ Operator-as-Aggregator"}}
    GDPR --> Operator_as_Aggregator
    Relay_State_Machine{{"⚙️ Relay State Machine"}}
    GDPR --> Relay_State_Machine
    Cross_Operator_Handoff{{"⚙️ Cross-Operator Handoff"}}
    GDPR --> Cross_Operator_Handoff
    Tiered_Access{{"⚙️ Tiered Access"}}
    GDPR --> Tiered_Access
```
Parties
```mermaid
graph LR
    subgraph Regulator["Regulator"]
        Supervisory_Authority__DPA_[["Supervisory Authority (DPA)"]]
        European_Data_Protection_Board[["European Data Protection Board"]]
    end
    subgraph Operator["Operator"]
        Data_Controller["Data Controller"]
        Data_Processor["Data Processor"]
    end
    subgraph User["User"]
        Data_Subject(["Data Subject"])
    end
    subgraph Verification_Body["Verification Body"]
        Certification_Body{{"Certification Body"}}
    end
    GDPR{"📋 GDPR"}
    GDPR --> Regulator
    GDPR --> Operator
    GDPR --> User
    GDPR --> Verification_Body
```
| Actor | Schema role | Notes |
|---|---|---|
| Supervisory Authority (DPA) | Regulator | National data protection authorities. 27+ in the EU. Art 51-59. |
| Data Controller | Operator | Determines purposes and means of processing. Art 4(7). Primary operator. |
| Data Processor | Operator | Processes on behalf of controller. Art 4(8). Secondary operator. |
| Data Subject | User | Identified or identifiable natural person. Art 4(1). No wallet needed. |
| Certification Body | Verification Body | Accredited body issuing Art 42 certifications. |
| European Data Protection Board | Regulator | Cross-border consistency mechanism. Art 68-76. |
Constraint check
| Constraint | Result | Justification |
|---|---|---|
| Data Cadence | Pass | Consent events, breach notifications (72h), rights requests (1 month), DPIAs — all event-driven or periodic. No real-time streaming. |
| Sequential Access | Pass | Single controller per trie. Rights requests follow a relay: subject → controller → response. |
| Liveness | Pass | Up to €20M / 4% global turnover. 72h breach deadline. 1-month rights response. Strongest penalties of any regulation analysed. |
| Fee Alignment | Pass | Controllers pay. Compliance cost (~€0.10-0.15 per record) negligible vs fine exposure. |
| Identity Delegation | Pass | Process mode. Data subjects exercise rights through digital channels. The signing function maps to the authenticated request. |
Obligations
```mermaid
graph LR
    Breach_notification_to_SA["Breach notification to SA<br/><i>Art 33</i>"]
    Commitment_then_Submit{{"⚙️ Commitment-then-Submit"}}
    Breach_notification_to_SA -->|72 hours| Commitment_then_Submit
    Event_driven_dt["Event-driven"]
    Breach_notification_to_SA -.-> Event_driven_dt
    Data_subject_rights_response["Data subject rights response<br/><i>Art 12-22</i>"]
    Data_subject_rights_response -->|1 month extendable to 3 months| Commitment_then_Submit
    Data_subject_rights_response -.-> Event_driven_dt
    Consent_given_withdrawn["Consent given/withdrawn<br/><i>Art 7</i>"]
    Lifecycle_State_Machine{{"⚙️ Lifecycle State Machine"}}
    Consent_given_withdrawn -->|N/A — event-driven| Lifecycle_State_Machine
    Consent_given_withdrawn -.-> Event_driven_dt
    Processing_activity_records["Processing activity records<br/><i>Art 30</i>"]
    MPT_per_Operator{{"⚙️ MPT-per-Operator"}}
    Processing_activity_records -->|Ongoing — maintained continuously| MPT_per_Operator
    Static_dt["Static"]
    Processing_activity_records -.-> Static_dt
    Data_Protection_Impact_Assessment["Data Protection Impact Assessment<br/><i>Art 35</i>"]
    Data_Protection_Impact_Assessment -.-> Event_driven_dt
    Data_protection_certification["Data protection certification<br/><i>Art 42</i>"]
    Data_protection_certification -.-> Static_dt
    Processor_agreement["Processor agreement<br/><i>Art 28</i>"]
    Processor_agreement -.-> Static_dt
    Cross_border_transfer_safeguard["Cross-border transfer safeguard<br/><i>Art 44-49</i>"]
    Cross_border_transfer_safeguard -.-> Static_dt
    Breach_notification_to_data_subjects["Breach notification to data subjects<br/><i>Art 34</i>"]
    Breach_notification_to_data_subjects -.-> Event_driven_dt
```
| Obligation | Legal basis | Deadline | Pattern | Data type | Access |
|---|---|---|---|---|---|
| Breach notification to SA | Art 33 | 72 hours | Commitment-then-Submit | Event-driven | Authorities Only |
| Data subject rights response | Art 12-22 | 1 month (extendable to 3 months) | Commitment-then-Submit | Event-driven | Authorized Operators |
| Consent given/withdrawn | Art 7 | N/A — event-driven | Lifecycle State Machine | Event-driven | Authorized Operators |
| Processing activity records | Art 30 | Ongoing — maintained continuously | MPT-per-Operator | Static | Authorities Only |
| Data Protection Impact Assessment | Art 35 | Before high-risk processing begins | — | Event-driven | Authorities Only |
| Data protection certification | Art 42 | 3-year validity, renewable | — | Static | Public |
| Processor agreement | Art 28 | Before processing begins | — | Static | Authorized Operators |
| Cross-border transfer safeguard | Art 44-49 | Before transfer | — | Static | Authorities Only |
| Breach notification to data subjects | Art 34 | Without undue delay (high-risk breaches) | — | Event-driven | Authorized Operators |
Trust model
```mermaid
graph LR
    Data_Controller["Data Controller"]
    Data_Subject["Data Subject"]
    Data_Controller -- "Low: Controller claims consent existed, subje..." --> Data_Subject
    Supervisory_Authority__DPA_["Supervisory Authority (DPA)"]
    Data_Controller -- "Medium: Controller backdates breach notification" --> Supervisory_Authority__DPA_
    Data_Processor["Data Processor"]
    Data_Controller -- "Medium: Processor claims it followed instruction..." --> Data_Processor
    Data_Subject -- "Low: Controller ignores rights request" --> Data_Controller
    Supervisory_Authority__DPA_ -- "Medium: Controller presents selective compliance..." --> Data_Controller
    Data_Controller -- "None: Portability disputes — who had data when" --> Data_Controller
```
| Party A | Party B | Trust | Risk | Mitigation |
|---|---|---|---|---|
| Data Controller | Data Subject | Low | Controller claims consent existed, subject denies | Immutable timestamped consent hash |
| Data Controller | Supervisory Authority (DPA) | Medium | Controller backdates breach notification | Commitment proves on-chain ordering and submission slot once the controller commits |
| Data Controller | Data Processor | Medium | Processor claims it followed instructions | On-chain agreement hash, activity proofs |
| Data Subject | Data Controller | Low | Controller ignores rights request | Commitment-then-submit proves response timeline |
| Supervisory Authority (DPA) | Data Controller | Medium | Controller presents selective compliance evidence | Completeness via MPT — all records in trie |
| Data Controller | Data Controller | None | Portability disputes — who had data when | Transfer records with timestamps |
Validator
```mermaid
graph TB
    subgraph Actions["Redeemer Actions"]
        CommitBreach["CommitBreach"]
        SubmitBreachNotification["SubmitBreachNotification"]
        CommitRightsRequest["CommitRightsRequest"]
        SubmitRightsResponse["SubmitRightsResponse"]
        ExtendRightsDeadline["ExtendRightsDeadline"]
        RecordConsent["RecordConsent"]
        WithdrawConsent["WithdrawConsent"]
        UpdateProcessingRecord["UpdateProcessingRecord"]
        ReferenceCertification["ReferenceCertification"]
        RecordDPIA["RecordDPIA"]
    end
    subgraph Universal["Universal Guards"]
        Controller_signature_present{{"✓ Controller signature present"}}
        MPT_root_hash_consistent{{"✓ MPT root hash consistent"}}
    end
    Actions --> Universal
    subgraph Specific["Action-Specific Guards"]
        Controller_key___identity_trie("Controller key ∈ identity trie")
        Controller_standing___suspended__regulation_trie_("Controller standing ≠ suspended (regulation trie)")
        No_existing_commitment_on_leaf("No existing commitment on leaf")
        Commitment_exists_on_leaf("Commitment exists on leaf")
        Hash___empty("Hash ≠ empty")
        Process_signature_present__data_subject_signed_("Process signature present (data subject signed)")
        Rights_deadline_not_already_extended("Rights deadline not already extended")
        Current_slot___original_deadline("Current slot ≤ original deadline")
        Purpose_hash___empty("Purpose hash ≠ empty")
        Consent_state___given__or_absent_("Consent state ≠ given (or absent)")
        Consent_state___given("Consent state = given")
        Certification_token_exists_and_not_expired("Certification token exists and not expired")
        Cert_issuer___regulation_trie__qualified_body_("Cert issuer ∈ regulation trie (qualified body)")
    end
    CommitBreach --> Controller_key___identity_trie
    CommitRightsRequest --> Controller_key___identity_trie
    RecordConsent --> Controller_key___identity_trie
    UpdateProcessingRecord --> Controller_key___identity_trie
    RecordDPIA --> Controller_key___identity_trie
    CommitBreach --> Controller_standing___suspended__regulation_trie_
    UpdateProcessingRecord --> Controller_standing___suspended__regulation_trie_
    CommitBreach --> No_existing_commitment_on_leaf
    CommitRightsRequest --> No_existing_commitment_on_leaf
    SubmitBreachNotification --> Commitment_exists_on_leaf
    SubmitRightsResponse --> Commitment_exists_on_leaf
    ExtendRightsDeadline --> Commitment_exists_on_leaf
    SubmitBreachNotification --> Hash___empty
    SubmitRightsResponse --> Hash___empty
    ExtendRightsDeadline --> Hash___empty
    UpdateProcessingRecord --> Hash___empty
    RecordDPIA --> Hash___empty
    CommitRightsRequest --> Process_signature_present__data_subject_signed_
    RecordConsent --> Process_signature_present__data_subject_signed_
    WithdrawConsent --> Process_signature_present__data_subject_signed_
    ExtendRightsDeadline --> Rights_deadline_not_already_extended
    ExtendRightsDeadline --> Current_slot___original_deadline
    RecordConsent --> Purpose_hash___empty
    RecordConsent --> Consent_state___given__or_absent_
    WithdrawConsent --> Consent_state___given
    ReferenceCertification --> Certification_token_exists_and_not_expired
    ReferenceCertification --> Cert_issuer___regulation_trie__qualified_body_
```
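The guard edges in the Validator diagram, modelled for the rights-request and consent actions as an added Python example. This is not the project's validator code: the `Leaf` and `Tx` field names and the state transitions in `apply` are assumptions, and the post-state of `SubmitRightsResponse` is not modelled.

```python
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class Leaf:  # constructed per-subject trie leaf; field names are assumptions
    commitment: bool = False
    extended: bool = False
    deadline: int = 0          # slot of the current response deadline
    consent: str = "absent"    # "absent" | "given" | "withdrawn"

@dataclass(frozen=True)
class Tx:  # constructed transaction context; field names are assumptions
    action: str
    slot: int = 0
    controller_signed: bool = True
    root_consistent: bool = True
    key_in_identity_trie: bool = True
    subject_signed: bool = False
    payload_hash: bytes = b""
    purpose_hash: bytes = b""
    new_deadline: int = 0

def failed_guards(leaf: Leaf, tx: Tx) -> list:
    """Names of the guards that reject tx; an empty list means it validates."""
    a = tx.action
    g = {"controller signature": tx.controller_signed, "MPT root consistent": tx.root_consistent}
    if a in ("CommitRightsRequest", "RecordConsent"):
        g["controller key in identity trie"] = tx.key_in_identity_trie
    if a in ("CommitRightsRequest", "RecordConsent", "WithdrawConsent"):
        g["data subject signature"] = tx.subject_signed
    if a == "CommitRightsRequest":
        g["no existing commitment"] = not leaf.commitment
    if a in ("SubmitRightsResponse", "ExtendRightsDeadline"):
        g["commitment exists"] = leaf.commitment
        g["hash not empty"] = tx.payload_hash != b""
    if a == "ExtendRightsDeadline":
        g["deadline not already extended"] = not leaf.extended
        g["slot <= original deadline"] = tx.slot <= leaf.deadline
    if a == "RecordConsent":
        g["purpose hash not empty"] = tx.purpose_hash != b""
        g["consent state != given"] = leaf.consent != "given"
    if a == "WithdrawConsent":
        g["consent state = given"] = leaf.consent == "given"
    return [name for name, ok in g.items() if not ok]

def apply(leaf: Leaf, tx: Tx) -> Leaf:  # transitions are assumptions, not from the page
    changes = {"CommitRightsRequest": dict(commitment=True, deadline=tx.new_deadline),
               "ExtendRightsDeadline": dict(extended=True, deadline=tx.new_deadline),
               "RecordConsent": dict(consent="given"), "WithdrawConsent": dict(consent="withdrawn")}
    return leaf if failed_guards(leaf, tx) else replace(leaf, **changes.get(tx.action, {}))
```

A rejected transaction leaves the leaf unchanged, so a second `CommitRightsRequest` or a second `ExtendRightsDeadline` on the same leaf reports exactly which guard blocked it.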
Penalties
| Description | Maximum fine |
|---|---|
| Controller/processor obligation breaches (Art 8, 11, 25-39, 42, 43) | €10,000,000 or 2% global turnover |
| Processing principles, data subject rights, transfers (Art 5, 6, 7, 9, 12-22, 44-49) | €20,000,000 or 4% global turnover |