From the beginning of the project, the consortium worked together to deliver an innovative scalable Platform for personal data protection, supporting the pillars of the EU's General Data Protection Regulation (GDPR), with regards to digital security, that was implemented within a single, integrated tool, adopting blockchain and smart contracts technology.
The main goal of this Platform was to provide targeted benefits for the final end users by enabling data protection by design and by default. In particular, the project delivered an easily accessible and simple Privacy Enhancing Dashboard useful for monitoring, keeping track record, and controlling all aspects related to data subjects, personal data, privacy settings, eventually deciding to authorize/un-authorize personal data transfers.
Thus, PoSeID-on aimed at empowering data subjects in having a concise, transparent, intelligible and easy access, as well as tracking, control and management of their personal data processed by public and private organizations, acting as data controllers and/or data providers, allowing them to make conscious decisions on who can process their own data based on data controller trustworthiness, enabling or revoking permissions, asking for definitely remove their personal data or restricting the data to be shared following the data minimisation principle.
To do so, project partners worked to develop a risk management framework to be integrated into the Privacy Enhancing Dashboard and which automatically checks the legitimacy of data processing and exchanges between different parties by alerting data subjects in case of aberration, potentially leading to infringement of fundamental rights and freedom.
As a further aim, PoSeID-on worked to support the compliance of technological services and products with the GDPR regarding personal data, by integrating advanced ICT-based tools within a replicable and scalable framework, which was implemented within a broad spectrum of products and services.
Thus, the work done in the past 35 months of project, allowed the implementation of:
-a Privacy Enhanced Dashboard as an ICT integrated prototype also provided with an innovative web-based dashboard for data subjects with a user-friendly interface.
-Open source components or API, as interoperable ICT components to be potentially integrated in any public or private ICT architecture.
-a Cloud-based Privacy Enhanced Dashboard as a Service (PEDaaS) to be adopted by public or private organizations in case they do not have their own blockchain and/or cloud or they can't afford the cost of managing GDPR compliant tools.
These tools were finally tested in four different use cases which took place in four different countries: Italy, Spain, France, Malta.
In this regard, the second reporting period was fundamental to finalise the development of the tools and of the PoSeID-on architecture (Web-based Dashboard, the Risk Management module and the Personal Data Analyser), to guarantee the full integration between the Blockchain and the PoSeID-on platform and so the deployment of the use cases.