GDPR & Blockchain – A future of Data PrivacyDoes the GDPR and Blockchain goes together? Well let us find out in this blog! The General Data Protection Regulation (GDPR), came into effect on May 25, 2018.
Cryptosoftwares for the ultimate solution of blockchain applications
What is GDPR?GDPR is a framework or set of rules drafted by the European Union (EU) which deals with things like Personal Data Privacy etc.
It’s almost one year since the framework came into being. The GDPR policies play a major part in transforming the business of any digital ventures.
IAPP or the International Association of Privacy Professionals have predicted that the enactment of GDPR policies will definitely create about 75,000 jobs related to privacy alone! Also, it will result in some good money to pour into the industry., because all the Fortune’s Global 500 companies will be spending something close to $8 Billion to be in terms with the GDPR policies.
It’s all there, but how does it affect the Blockchain, either positively or the opposite. Let us find out.
Basically the GDPR policies was implemented by the European Union with certain goals in mind. And they are as follows:
- To develop a uniform data regulation framework within the countries of Europe.
- To give the individuals that control over the storage and use of their own personal data.
Some of the General Data Protection Regulation (GDPR) PoliciesSome of the major regulations included in the General Data Protection Regulation are given below:
Article 15 – Grants EU citizens the right of access which requires companies to detail what personal data is being processed and how upon request.
Article 17 – Grants EU citizens the right to be forgotten and to data erasure which requires companies to stop processing and delete personal data upon request.
Article 20 – Grants EU citizens the right to data portability to enable citizens to transfer personal data between companies upon request.
Article 25, 32 – Require companies to implement reasonable data protection measures to protect EU citizens’ personal data and privacy by design.
Article 33, 34 – Require companies to report data breaches to supervisory authorities and individuals affected by a breach within 72 hours.
Article 35 – Require companies to perform data protection impact assessments to identify risks to EU citizen data outline measures to ensure those risks are addressed.
Article 37 – Requires certain companies to appoint data protection officers to oversee data security strategy and GDPR compliance.
GDPR and its Global OutreachThe real possibility of GDPR policies is not only limited to the European Union countries alone. It can be really implemented by the countries in any part of the world.
From the viewpoint of companies, a sudden inspection from the data protection auditors might be a real tough situation. It may so stressful even than the visit from a person from the tax department.
And if it’s found that the company does not comply with the GDPR policies strictly a hefty fine will be imposed, which can be almost 20 Million Euros or up to 4 percent of the company’s total turnover!
Apart from protecting data and other valuable information within the EU, they will also be responsible for handling the private information of the EU residents outside the European continent.
The European Union is also planning to impose certain rules like for any outside country which wishes to sign a trade deal with them would also be needed to sign up an agreement respecting GDPR policies.
It would be placing the European Union countries as the leaders in the Data Protection Policies!
Does Blockchain Escapes from the hands of GDPR?The idea of GDPR was actually came into the idea of the European Union in the beginning of the year 2012. But he main focal point of that meeting was on cloud services and social networking platforms, since the term Blockchain was not so common during those days. Cloud services and social networks are organized in a centralized platform where the data subjects contacts a centralized server entity. The main issue with having a centralized contact point is that, it will be more prone to hacking and other security threats.
But the case with decentralized platforms like Blockchains are totally different! How does the GDPR affects the Blockchains also?
The Blockchain will also comes under the control of GDPR policies. Why? Because it also deals with the storage of some really important personal data like that of one’s transaction history. So it should definitely come under the scope and possibility of GDPR.
At the first look, Blockchain and GDPR may feel like both of them are poles apart. A best example for this would be the the Article 17 of the GDPR policies, the “Right to Erasure”. This right may be felt as a contradiction in case of Blockchain. Also, there arises a question like who will be the person accountable in a purely decentralized Blockchain system?
Well all these things are to be sorted out through an open legal debate and hope it will be happening soon!
Blockchain with GDPR?The Blockchain and GDPR policies have a lot of things in common, eventhough it doesn’t look like at the first glance. Both works onto decentralize the data control and and to stop the power control of the centralized service providers. Also, it helps to control the data by the users themselves, instead of relying on some third parties.
When the Bitcoin model came into effect, actually they did not guarantee anonymity but the latest technological advancements from elementary tumblers to zk-SNARK applications, have brought the Bitcoin almost close to this idea.
Anonymity is not actually what the regulators are after instead they would be happy with the solutions suggested by the Blockchain itself.
Another exciting thing that the research avenue provides is a combination of trusted hardware and blockchains.
In public or centralized blockchains, the entire data involved will be replicated and transferred to all the participants in the network.
This makes the major elements involved in the GDPR policies like data deletion, and privacy a really impossible job for the users. A lot of researchers are really trying hard on ways to look how trusted computing devices like Intel SGX can provide secure and confidential data storage and privacy.
Combining trusted computing devices with the public blockchains helps us to protect the data from cyber attacks, and Blockchain will be the one who decides who can access the data and who cannot. It works on the basis of smart contracts, and they don’t have to trust the centralized service providers, instead everything will be taken care of the blockchain a trusted hardware by the users. Or in short, users will be the ones who deals with their own data!
ConclusionGDPR is a really appreciable approach in dealing with the personal data management. In the present world, there are a lot of cases, where the private and confidential information have been compromised from the side of third parties and have been resulted in huge loss to users as well as the ones who have our information.
GDPR policies makes sure the ways in which the companies collect and use the consumer data, and thing like the data are deleted upon the request of the users, etc. Although it is one of the latest data regulations that have been formulated, it still has to catch up with the decentralized platforms like Blockchain Technologies.
There are a lot of GDPR compliant Blockchain solutions like the Dispatch Protocol, still a lot of Blockchain enthusiasts argue that its totally against the basic ideals of the technology. So what’s the answer? Will Blockchain goes in hand with the GDPR? The answer would be a Yes, because the blockchain technology promotes high security in terms of data integrity. So chances are high that GDPR may promote the Blockchain technology in the near future.