Incidents involving confidentiality and vigilance against user privacy invasions raise doubts as to current third-party data collection procedures. Personally identifiable information (PII) is being abused for medical data breaches, identity theft, spam, phishing, cyber spying, etc. A great amount of data is flowing from users to companies for prediction and analysis of data-centric markets. It is thus difficult to track PII flow and genuineness. Blockchain technology, which is an “immutable” distributed ledger, can efficiently track PII exchange, storing, and distribution. In contrast, the EU general data protection regulation (GDPR) in progress claims “a right to forget” and a right “to delete”. However, the present specification proposes an off-chain blockchain architecture using both a local database and a distributed ledger to guarantee a trustable PII life cycle.