The debate around the General Data Protection Regulation (GDPR) across European Union (EU) nations is much older than the data safety controversies associated with Facebook, Target, and many other companies.
The regulation came into effect on May 25, 2018, and discussions about the opportunities and benefits for businesses and common people are still very much underway.
For the uninitiated, GDPR gives citizens of the EU better control over their personal data. Because of this new regulation, businesses are having to redesign their data systems and customer master records. They also need to keep close tabs on whether customers have agreed to their data being used for a specific purpose.
Importantly, individuals can also request that their data traces be completely erased at any point in time. Lastly, businesses should be able to produce compliance reports instantly.
While there could be some initial hiccups about complete compliance with GDPR, technology like blockchain offers a bright spot on the horizon.
Here is why we can expect it to become extremely relevant in Europe after GDPR comes into effect.
GDPR and blockchain have a common objective: to highlight the need for a change in the way businesses manage personal data. While GDPR takes care of the policy side, blockchain helps enable the implementation.
To have ultimate control over their personal data, people should also hold the key to provide and rescind scoped access. Third parties should accept the data and validate it for further use as an identifier. Because it is based on a distributed ledger, blockchain allows individuals to share their information in such a way that no single entity controls or manages it.
A decentralised, peer-to-peer network means that the data history and current validity can be audited publicly. Therefore, issuers like trusted governments or licensing agencies can add or change identity information in an individual’s blockchain record with the user's permission or at the user's request. Thus, blockchain is a neutral, trusted and safe way to self-manage identity.
This is a critical aspect of the new regulation. Fortunately, blockchain is the most trustworthy solution to address this aspect. There is no lack of academic and industry studies to suggest that it is tamper-proof and so far the safest method to store and manage digital records. In layman's terms, blockchain uses cryptography to safeguard the records.
Subjects or recognized authorities of the data can globally attest to its accuracy using their own private keys, which work as a personal digital signature. When any record is altered, the signature turns invalid and the peer network receives a real-time notification. This provides a secure way to quickly validate the accuracy of information.
Right To Data Erasure
Blockchain critics would claim that this is the most difficult part of GDPR to comply with using a blockchain. The blockchain ledger is append-only and immutable. Once the data is stored, it cannot be undone. Moreover, the chain of blocks has traces of historical transactions going back to the inception of the first block.
To solve this problem, no personal data should be put on the blockchain directly. Instead, the user can store a cryptographic hash or share the “evidence” rather than the actual data, which remains protected at all times. That, of course, is the reason for the regulation in the first place.
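The hash-on-chain pattern described above, as an added example that is not part of the original article: personal data lives in an erasable off-chain store, and only a digest goes on the ledger, so an altered record fails verification and an erased one leaves nothing readable behind. The `OffChainStore` class, the dict standing in for the ledger, and the per-record random salt are assumptions of this sketch; the salt is there because a bare hash of a low-entropy value such as an email address can be recovered by guessing.

```python
import hashlib
import hmac
import json
import secrets

def commitment(salt, personal_data):
    # Canonical JSON so the same record always produces the same digest.
    payload = json.dumps(personal_data, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(salt, payload, hashlib.sha256).hexdigest()

class OffChainStore:
    """Erasable store for personal data (hypothetical; stands in for a database)."""

    def __init__(self):
        self._rows = {}

    def put(self, record_id, personal_data):
        salt = secrets.token_bytes(32)  # per-record secret, never written to the ledger
        self._rows[record_id] = (salt, personal_data)
        return commitment(salt, personal_data)

    def get(self, record_id):
        return self._rows.get(record_id)

    def erase(self, record_id):
        # Erasure request: drop the data and its salt together.
        return self._rows.pop(record_id, None) is not None

def verify(ledger, store, record_id):
    """Return 'valid', 'altered' or 'erased' for a record id present on the ledger."""
    row = store.get(record_id)
    if row is None:
        return "erased"
    salt, data = row
    ok = hmac.compare_digest(commitment(salt, data), ledger[record_id])
    return "valid" if ok else "altered"

def demo():
    ledger, store = {}, OffChainStore()  # dict stands in for an append-only chain
    # Constructed sample record.
    ledger["rec-1"] = store.put("rec-1", {"name": "Alice Example", "email": "alice@example.org"})
    states = [verify(ledger, store, "rec-1")]
    store.get("rec-1")[1]["email"] = "mallory@example.org"  # off-chain tampering
    states.append(verify(ledger, store, "rec-1"))
    store.erase("rec-1")
    states.append(verify(ledger, store, "rec-1"))
    return states, ledger
```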