How Blockchain Can Help Companies Face the New GDPR Rules

The new General Data Protection Regulation (GDPR) guidelines governing the European Union (EU) officially come into play on May 25. Businesses and their associated websites had about three years to comply with the new set of rules. The companies that didn’t bother adjusting their data collection methodologies could face stiff fines.

Most companies issued a new “Terms of Use” to be on the safe side of the road. However, a blockchain system could solve the problem once and for all.

According to the GDPR, companies are expected to follow new guidelines in order to be allowed to serve European citizens. Those regulations include the ability for the user to consent to their data being processed, the knowledge of who is processing the data, and the ability to withdraw consent at any time.

Blockchain can play a vital role in this process. Websites that have users register on a distributed ledger system give those users the upper hand, allowing them to be in charge of the data they provide.

Blockchain’s Role

When applied to systems in need of identity management, blockchain can operate at a level no other protocol can. The way it stores, collects and distributes data is revolutionary. It offers a brand new set of capabilities not available in any existing data protection method.

Blockchain verifies data usage through a complicated combination of public and private signatures, data hashing and encryption. This allows a person’s data and identity to be saved only on his end, rather than on a server. When that data is requested, it has to be provided from the user’s device instead of the main server.

While running on a blockchain system, the user is able to process exchanges personally, meaning the company that wants his data will have to get his consent in order to access them. This allows the user to have absolute control over his information, as well as know the company that uses it, meeting the GDPR’s “Right to Erasure” condition.
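The arrangement described in the two paragraphs above can be sketched as follows. This is an added example, not code from the article or from any blockchain product: it assumes the ledger holds only consent events and a salted hash of the record while the record itself stays on the user's device, it uses a plain SHA-256 hash chain in place of a real blockchain and its signatures, and all names (`ConsentLedger`, `commit`, `alice`, `acme`) are hypothetical.

```python
import hashlib, json, os

def h(obj) -> str:
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

def commit(record: dict, salt: bytes) -> str:
    """Salted commitment to a record that stays on the user's device."""
    return hashlib.sha256(salt + json.dumps(record, sort_keys=True).encode()).hexdigest()

class ConsentLedger:
    """Append-only hash chain of consent events; never stores the personal data."""
    def __init__(self):
        self.blocks = []

    def append(self, event: dict) -> dict:
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        body = {"index": len(self.blocks), "prev": prev, "event": event}
        self.blocks.append(dict(body, hash=h(body)))
        return self.blocks[-1]

    def verify(self) -> bool:
        prev = "0" * 64
        for i, b in enumerate(self.blocks):
            body = {"index": b["index"], "prev": b["prev"], "event": b["event"]}
            if b["index"] != i or b["prev"] != prev or b["hash"] != h(body):
                return False
            prev = b["hash"]
        return True

    def consent_active(self, subject: str, company: str) -> bool:
        active = False  # the latest matching event wins
        for b in self.blocks:
            e = b["event"]
            if e["subject"] == subject and e["company"] == company:
                active = e["type"] == "grant"
        return active

def demo():
    # Constructed sample data held only on the user's device.
    device = {"record": {"email": "alice@example.test"}, "salt": os.urandom(16)}
    ledger = ConsentLedger()
    c = commit(device["record"], device["salt"])
    ledger.append({"type": "grant", "subject": "alice", "company": "acme", "commitment": c})
    shared_ok = commit(device["record"], device["salt"]) == c  # company checks what the device sent
    ledger.append({"type": "withdraw", "subject": "alice", "company": "acme", "commitment": c})
    active = ledger.consent_active("alice", "acme")
    device.clear()                     # erasure happens off-chain, on the device
    intact = ledger.verify()           # the ledger is unaffected by that deletion
    ledger.blocks[0]["event"]["subject"] = "REDACTED"  # editing the ledger itself
    return shared_ok, active, intact, ledger.verify()
```

`demo()` returns `(True, False, True, False)`: the device-held record matches its commitment, consent is inactive after withdrawal, the chain still verifies after the device deletes its copy, and editing an existing ledger entry breaks verification.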

The use of blockchain also eliminates the need for massive databases since each user stores his own data. Blockchain makes it possible for each user to connect when needed, allowing companies to keep minimum information on customers and employees. Applying those changes to their products as well allows the company to meet GDPR’s “privacy by design” condition.

Privacy by design is, in essence, a new GDPR provision. According to it, companies are obligated to have platforms that are built on data privacy, with the privacy of their products or services kept in the cognizance of the rightful user. With blockchain technology, the process is automatically private, thus meeting the privacy by design criteria.

It remains to be seen if GDPR rules come into place on May 25 and whether fines will actually be levied on websites that do not comply. According to GDPR, the fines may come up to 4% of a company's annual global turnover, or €20 million, whichever is greater. This amount is enough to deter both small and large companies, although implementation will be key.

Blockchain can be the pioneer system behind the web sooner than we think. GDPR paves the way for greater blockchain adoption at a level that extends far beyond core business functions and cryptocurrency transactions.


Comments
  • I fail to understand how “With blockchain technology, the process is automatically private, thus meeting the privacy by design criteria.” While the chaining of the blocks is cryptographically secure, that is not making the process secure by design.

    There are several paragraphs that go a bit over the top: “This allows the user to have absolute control over his information, as well as know the company that uses it, meeting the GDPR’s “Right to Erasure” condition.” Technically speaking, if the user data is to be saved on a blockchain, changing it is not possible without tampering with the blocks. I’m not sure how you envision here that the Right to Erasure is met …
