{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,10,3]],"date-time":"2025-10-03T15:10:36Z","timestamp":1759504236304,"version":"build-2065373602"},"reference-count":18,"publisher":"MDPI AG","issue":"4","license":[{"start":{"date-parts":[[2025,10,3]],"date-time":"2025-10-03T00:00:00Z","timestamp":1759449600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"funder":[{"name":"EK\u00d6P-24 University Excellence Scholarship Program"}],"content-domain":{"domain":["www.mdpi.com"],"crossmark-restriction":true},"short-container-title":["JCP"],"abstract":"<jats:p>The General Data Protection Regulation (GDPR) imposes additional demands and obligations on service providers that handle and process personal data. In this paper, we examine how advanced cryptographic techniques can be employed to develop a privacy-preserving solution for ensuring GDPR compliance in Industrial Internet of Things (IIoT) systems. The primary objective is to ensure that sensitive data from IIoT devices is encrypted and accessible only to authorized entities, in accordance with Article 32 of the GDPR. The proposed system combines Decentralized Attribute-Based Encryption (DABE) with smart contracts on a blockchain to create a decentralized way of managing access to IIoT systems. The proposed system is used in an IIoT use case where industrial sensors collect operational data that is encrypted according to DABE. The encrypted data is stored in the IPFS decentralized storage system. The access policy and IPFS hash are stored in the blockchain\u2019s smart contracts, allowing only authorized and compliant entities to retrieve the data based on matching attributes. This decentralized system ensures that information is stored encrypted and secure until it is retrieved by legitimate entities, whose access rights are automatically enforced by smart contracts. The implementation and evaluation of the proposed system have been analyzed and discussed, showing the promising achievement of the proposed system.<\/jats:p>","DOI":"10.3390\/jcp5040084","type":"journal-article","created":{"date-parts":[[2025,10,3]],"date-time":"2025-10-03T14:18:28Z","timestamp":1759501108000},"page":"84","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":0,"title":["Blockchain-Enabled GDPR Compliance Enforcement for IIoT Data Access"],"prefix":"10.3390","volume":"5","author":[{"given":"Amina","family":"Isazade","sequence":"first","affiliation":[{"name":"Department of Computer Algebra, ELTE Eotvos Lorand University, 1053 Budapest, Hungary"}]},{"ORCID":"https:\/\/orcid.org\/0000-0002-2866-0743","authenticated-orcid":false,"given":"Ali","family":"Malik","sequence":"additional","affiliation":[{"name":"School of Electrical and Electronic Engineering, Technological University Dublin, D07 EWV4 Dublin, Ireland"}]},{"ORCID":"https:\/\/orcid.org\/0000-0003-1619-2927","authenticated-orcid":false,"given":"Mohammed B.","family":"Alshawki","sequence":"additional","affiliation":[{"name":"Department of Computer Algebra, ELTE Eotvos Lorand University, 1053 Budapest, Hungary"},{"name":"Institute for Data Science, Cloud Computing and IT Security (IDACUS), 78054 Furtwangen im Schwarzwald, Germany"}]}],"member":"1968","published-online":{"date-parts":[[2025,10,3]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","first-page":"4724","DOI":"10.1109\/TII.2018.2852491","article-title":"Industrial internet of things: Challenges, opportunities, and directions","volume":"14","author":"Sisinni","year":"2018","journal-title":"IEEE Trans. Ind. Inform."},{"key":"ref_2","doi-asserted-by":"crossref","first-page":"152351","DOI":"10.1109\/ACCESS.2020.3016937","article-title":"Security and Privacy in the Industrial Internet of Things: Current Standards and Future Challenges","volume":"8","author":"Gebremichael","year":"2020","journal-title":"IEEE Access"},{"key":"ref_3","unstructured":"(2023, February 26). European Commission Regulation (EU) 2016\/679 of the European Parliament and of the Council of 27 April 2016 on the Protection of Natural Persons with Regard to the Processing of Personal Data and on the Free Movement of Such Data, and Repealing Directive 95\/46\/EC (General Data Protection Regulation). Available online: https:\/\/eur-lex.europa.eu\/eli\/reg\/2016\/679\/oj."},{"key":"ref_4","unstructured":"Goyal, V., Pandey, O., Sahai, A., and Waters, B. (November, January 30). Attribute-Based Encryption for Fine-Grained Access Control of Encrypted Data. Proceedings of the 13th ACM Conference on Computer and Communications Security, Alexandria, VA, USA."},{"key":"ref_5","unstructured":"Lewko, A., and Waters, B. (2011, January 15\u201319). Decentralizing attribute-based encryption. Proceedings of the Annual International Conference on the Theory and Applications of Cryptographic Techniques, Tallinn, Estonia."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"361","DOI":"10.32604\/csse.2021.015206","article-title":"Cyber security and privacy issues in industrial internet of things","volume":"37","author":"Jhanjhi","year":"2021","journal-title":"Comput. Syst. Sci. Eng."},{"key":"ref_7","doi-asserted-by":"crossref","unstructured":"Valadares, D.C.G., Perkusich, A., Martins, A.F., Alshawki, M.B., and Seline, C. (2023). Privacy-preserving blockchain technologies. Sensors, 23.","DOI":"10.3390\/s23167172"},{"key":"ref_8","unstructured":"Hu, C., Luo, J., Pu, Y., Yu, J., Zhao, R., Huang, H., and Xiang, T. (2018, January 20\u201322). An efficient privacy-preserving data aggregation scheme for IoT. Proceedings of the Wireless Algorithms, Systems, and Applications: 13th International Conference, WASA 2018, Tianjin, China. Proceedings 13."},{"key":"ref_9","doi-asserted-by":"crossref","unstructured":"Hu, C., Huo, Y., Ma, L., Liu, H., Deng, S., and Feng, L. (2017, January 19\u201321). An attribute-based secure and scalable scheme for data communications in smart grids. Proceedings of the International Conference on Wireless Algorithms, Systems, and Applications, Guilin, China.","DOI":"10.1007\/978-3-319-60033-8_41"},{"key":"ref_10","doi-asserted-by":"crossref","first-page":"12586","DOI":"10.1109\/ACCESS.2024.3354846","article-title":"Blockchain-assisted hierarchical attribute-based encryption scheme for secure information sharing in industrial internet of things","volume":"12","author":"Sasikumar","year":"2024","journal-title":"IEEE Access"},{"key":"ref_11","first-page":"3797","article-title":"Ether-IoT: A Realtime Lightweight and Scalable Blockchain-Enabled Cache Algorithm for IoT Access Control","volume":"75","author":"Hussain","year":"2023","journal-title":"Comput. Mater. Contin."},{"key":"ref_12","doi-asserted-by":"crossref","unstructured":"Lee, J., Kim, M., Park, K., Noh, S., Bisht, A., Das, A.K., and Park, Y. (2023). Blockchain-Based Data Access Control and Key Agreement System in IoT Environment. Sensors, 23.","DOI":"10.3390\/s23115173"},{"key":"ref_13","doi-asserted-by":"crossref","unstructured":"Roy, S., and Ghosh, S. (2023). BloAC: A Blockchain-Based Secure Access Control Management System for IoT. TechRxiv.","DOI":"10.36227\/techrxiv.23282816.v1"},{"key":"ref_14","doi-asserted-by":"crossref","unstructured":"Zaidi, S.Y.A., Shah, M.A., Khattak, H.A., Maple, C., Rauf, H.T., El-Sherbeeny, A.M., and El-Meligy, M.A. (2021). An attribute-based access control for IoT using blockchain and smart contracts. Sustainability, 13.","DOI":"10.3390\/su131910556"},{"key":"ref_15","doi-asserted-by":"crossref","unstructured":"Morello, M., Sainio, P., and Alshawki, M. (2024, January 4\u20136). Regulatory Compliance Verification: A Privacy Preserving Approach. Proceedings of the 2024 8th Cyber Security in Networking Conference (CSNet), Paris, France.","DOI":"10.1109\/CSNet64211.2024.10851761"},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Alshawki, M.B., Ligeti, P., and Reich, C. (2022, January 20\u201322). Sdabe: Efficient encryption in decentralized cp-abe using secret sharing. Proceedings of the 2022 International Conference on Electrical, Computer and Energy Technologies (ICECET), Prague, Czech Republic.","DOI":"10.1109\/ICECET55527.2022.9872711"},{"key":"ref_17","doi-asserted-by":"crossref","unstructured":"Alshawki, M.B., Ligeti, P., and Reich, C. (2022, January 20\u201323). Poster: ODABE: Outsourced Decentralized CP-ABE in Internet of Things. Proceedings of the International Conference on Applied Cryptography and Network Security, Rome, Italy.","DOI":"10.1007\/978-3-031-16815-4_35"},{"key":"ref_18","doi-asserted-by":"crossref","unstructured":"Riepel, D., and Wee, H. (2022, January 7\u201311). FABEO: Fast Attribute-Based Encryption with Optimal Security. Proceedings of the 2022 ACM SIGSAC Conference on Computer and Communications Security (CCS \u201922), Los Angeles, CA, USA.","DOI":"10.1145\/3548606.3560699"}],"container-title":["Journal of Cybersecurity and Privacy"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/2624-800X\/5\/4\/84\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,3]],"date-time":"2025-10-03T14:30:42Z","timestamp":1759501842000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/2624-800X\/5\/4\/84"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,10,3]]},"references-count":18,"journal-issue":{"issue":"4","published-online":{"date-parts":[[2025,12]]}},"alternative-id":["jcp5040084"],"URL":"https:\/\/doi.org\/10.3390\/jcp5040084","relation":{},"ISSN":["2624-800X"],"issn-type":[{"value":"2624-800X","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,10,3]]}}}