Background: Conventional blockchain ledgers are immutable by design, which conflicts with the right to erasure mandated by the European Union General Data Protection Regulation (GDPR, Article 17), particularly for identity and access management (IAM) workloads that store personal data on-chain. Methods: We integrated the National Institute of Standards and Technology (NIST) data block matrix (DBM) into Hyperledger Fabric, developed an IAM chaincode with erasure-aware role-based and attribute-based access control, formally modeled the deletion protocol in TLA+ at a bounded scope (up to 4 organizations, 3 assets, quorum =3), and evaluated the design on a local 3-VM testbed and a 20-organization cross-region Google Kubernetes Engine (GKE) deployment. Results: Hash-operation counts from 102 to 106 blocks track the theoretical O(N) bound; chaincode-level throughput reaches 78–102 TPS for individual operations and 1967–2465 TPS for batch writes, with a 305 TPS sustained measurement across 20 organizations over an 80–100 ms cross-region link. Conclusions: The design supports technical alignment with GDPR Article 17 for on-chain data, but a deterministic timing oracle on the deletion reject path and a rate-limiter gap on the request path remain open; these are disclosed as scope limitations and prioritized for structural mitigation in future work.
Bulzan et al. (Mon,) studied this question.