GDPR Under Blockchain: How Does Blockchain Fit Alongside The GDPR?September 26, 2018GDPR
The Blockchain is a far-reaching technology that has the potential to revolutionise the way in which many industries operate. The blockchain and cryptocurrency both are parallel. The blockchain is renowned for its role in the formation of cryptocurrency. The GDPR under Blockchain is a far-reaching technology and contains the potential to revolutionise the way industries operate. Blockchain is well-known for its role in the formation of cryptocurrency.
- financials sectors,
- medical industries,
- legal enterprises
- and government departments.
Its immutable security also allows it to be useful in other enterprises such as charities and human rights organisations as well as preventing fraud and corruption.
Better security with Blockchain
Bitcoin is evidence of the security and unassailability of Blockchain. The history of all Bitcoin transactions is in the accounting ledger, stored across a multitude of network computers known as “nodes”. The purpose of the nodes is to check the validity of every Bitcoin transaction submitted to the accounting ledger.
In spite of Blockchain superiority in creating a secure technology conversely, it does not sit comfortably with the GDPR, as there are some challenges to compliance concerning the processing of personal data within Blockchain.
The GDPR’s definition of personal data is “any information relating to an identified or identifiable natural person.” For this very reason, the strict rules of the GDPR will apply to organisations that store, manage or process personal data, including data stored in a Blockchain environment.
Blockchain technology allows ultimate in secure storing of data and should, therefore, keep the regulators happy, but there are some essential requirements of GDPR and Blockchains that they cannot meet.
Organisations must take responsibility
One of the issues is the control and culpability attached to organisations. This does not necessarily exist with Blockchain technology, which operates in the main as a decentralised network of transactions.
“Wikipedia defines decentralised as “a distributed and public digital ledger that is used to record transactions across many computers so that the record cannot be altered retroactively without the alteration of all subsequent blocks and the consensus of the network”.
Essentially, Blockchain is public, and no one owns the ledger. The ledger is accessible by anyone who has permission.
The GDPR, on the other hand, relies on culpability and accountability, with precise definitions of ownership and management of data. Data controllers and data processors have obligations and responsibilities the likes of which are not clear under decentralised data networks.
Where Blockchain networks are public and immeasurable such as cryptocurrencies the management is complicated for GDPR intricacies especially the liabilities if there were a data breach.
What about the Right to be Forgotten?
Another conflict between GDPR under Blockchain is that of individual right to be forgotten.
The primary infrastructure of Blockchain technology is its immutability headlined by the acronym CRAB (create, retrieve, append, burn) There is no delete function!
This excellent explanatory article by @gautamdhameja and his in-depth explanation of this particular GDPR conflict explains some possible solutions to this dilemma. The challenge continues for compliance within Blockchain networks, without degenerating the usefulness and principles of Blockchain technology, which, in itself, is groundbreaking.
The future has to be one of combining regulation and technology (Blockchain and future revolutionary technologies) to strengthen and improve data collection and processing for the benefit of privacy and cybercrime.