GDPR And Blockchain

The European Union's GDPR (“General Data Protection Regulation”) has taken effect and has changed the way businesses process EU citizens' data, with increased privacy protection being an important change. The best feature is the “Right to be forgotten” (in other words, the right to have user data permanently deleted). GDPR aims to protect personal data, which includes name, address, contact details, any kind of biometric or identification data, location, Web IP, etc.

Organizations are encouraged to update their terms and conditions and privacy policies to include:

  • Transparency and control over sharing personal data with others
  • The way the data is shared in order to comply with laws
  • Additional focus on users being able to control the data

Organizations found not to be compliant with the new regulations may be fined for misuse or mishandling of personal information. A company should notify its customers within 72 hours in case of any data breach.

You must be wondering which companies fall under GDPR.

  • Companies that store or control EU citizens' data
  • Companies with more than 250 employees

What changes must they implement?

  • Reporting to the ICO (“Information Commissioner's Office”) if any data breach happens
  • Making sure that all sensitive information is stored in a secure place
  • Making sure that sensitive information is encrypted

So far, we have gone through what GDPR actually is, but how will it be affected by blockchain technology?

When an enforceable right meets an immutable ledger.

For those who want to know the basics of blockchain, you can refer to my article.

The “Right to be forgotten” poses a challenge for blockchain implementations because blockchains are essentially designed to last forever. Their fundamental element is “hashing”, which means that data, once stored, can't be changed or modified. Each block references the previous blocks, and they cannot be altered without altering the entire chain. GDPR does not prohibit blockchain, but it does pose some procedural requirements. Since the technology is in its early stage, it is likely that GDPR-compliant blockchain enterprises will begin to commercialize. Companies like Microsoft and Intel have joined GDPR Edge, a distributed blockchain solution platform.
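The chaining described above, as an added example that is not from the original article: a minimal SHA-256 hash chain in which an erasure request against one block makes verification fail at that block or, if only that block is re-hashed, at its successor. The block layout, function names and sample records are assumptions constructed for illustration, not any real blockchain's format.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # placeholder predecessor hash for the first block

def block_hash(index, prev_hash, payload):
    """Hash the block's contents together with the previous block's hash."""
    body = json.dumps({"index": index, "prev": prev_hash, "payload": payload},
                      sort_keys=True).encode()
    return hashlib.sha256(body).hexdigest()

def build_chain(payloads):
    """Build a list of blocks, each committing to its predecessor."""
    chain, prev = [], GENESIS_PREV
    for i, payload in enumerate(payloads):
        h = block_hash(i, prev, payload)
        chain.append({"index": i, "prev": prev, "payload": payload, "hash": h})
        prev = h
    return chain

def first_invalid_block(chain):
    """Return the index of the first block that fails verification, or None."""
    prev = GENESIS_PREV
    for block in chain:
        expected = block_hash(block["index"], block["prev"], block["payload"])
        if block["prev"] != prev or block["hash"] != expected:
            return block["index"]
        prev = block["hash"]
    return None

def erase(chain, index, rehash=False):
    """Blank one block's payload on a copy of the chain (an erasure request)."""
    copy = [dict(b) for b in chain]
    copy[index]["payload"] = "[erased]"
    if rehash:  # recompute only this block's hash, as a naive fix would
        b = copy[index]
        b["hash"] = block_hash(b["index"], b["prev"], b["payload"])
    return copy

# Constructed sample records; the names and addresses are invented.
CHAIN = build_chain([
    "name=Alice Example; email=alice@example.org",
    "name=Bob Example; email=bob@example.org",
    "name=Carol Example; email=carol@example.org",
])

if __name__ == "__main__":
    print("intact chain:", first_invalid_block(CHAIN))
    print("payload erased:", first_invalid_block(erase(CHAIN, 1)))
    print("erased and re-hashed:", first_invalid_block(erase(CHAIN, 1, rehash=True)))
```

Making the edited chain verify again would require recomputing every block after the erased one, which is the "altering the entire chain" cost the paragraph refers to.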

GDPR and blockchain start from incompatible assumptions about data integrity. While GDPR requires adjustability, blockchain delivers consistency.

It is true that modifying data on a blockchain is very hard, and many of us are of the opinion that GDPR is incompatible with blockchain. As GDPR continues on its journey, there will be an array of viable solutions, in addition to guidance on a happy medium between the two.