The scandal around Cambridge Analytica and Facebook has made us consider data protection more seriously than ever. And along with following the news, we’re waiting for the month of May, when GDPR (the General Data Protection Regulation) comes into force. The new regulation, combined with blockchain technology, will influence our ideas about data security in general. But the mix of these phenomena needs to be explained in more detail, and that’s why we’re here today.
What problems GDPR solves and how blockchain becomes the one and only solution for some issues is the subject of today’s conversation.
Before discussing GDPR as a new concept in personal data protection, let’s review some basics of blockchain technology. Some areas of blockchain are heavily affected by the new regulation, and we will describe them one by one.
With blockchain, you can transform data through hashing and encryption. Hashing is a one-way data transformation in which a piece of information becomes unreadable (the result is called a hashed value). Encryption offers users a two-way data transformation. In this case, you need a special key to make information unreadable. This same key is used to decrypt the piece of data.
Immutable transactions are transactions that can’t be changed once they are written on the blockchain. The information can’t be deleted because doing so would “break the chain”, which destroys the foundation of the blockchain.
Blockchain transparency comes from users’ ability to look through the history of all cryptocurrency transactions. This huge amount of data is public and accessible to everyone (public blockchain). There is also a certain scheme to provide transparency for private (permissioned) blockchains.
Although most of the conversations are around permissioned blockchains, data protection trends are connected with public blockchains too. So, let’s move forward to the GDPR part of this talk.
GDPR follows certain rules. But before learning them, let’s review the basic framework of the upcoming changes.
First of all, there are two main concepts that GDPR aims to improve:
The primary thing. People talk a lot about the new laws, but strictly speaking, there is no big shock for the global community. What matters is that the regulation emphasizes users’ rights and the rules that data processors must abide by. The digital environment will have legal protection for data usage. That’s basically what it’s all about.
Application area. GDPR is broadly applicable. Anyone who deals with the personal data of European citizens on a day-to-day basis can’t avoid GDPR limitations. Even if your business is located outside the European Union, GDPR is a matter of concern for you.
You should also know that the substantial fines that follow from violating the rules can have a big impact on a company’s work. Hence, all types of companies (not only IT) are in the danger zone.
The main rules. The GDPR document contains 11 chapters, but there are some important points that won’t take much time to read.
1. Access right for everyone. With the new regulation, each individual has the right to know who else has access to his or her data and exactly which pieces of this data are visible to other users. Besides, everyone will now know how their personal data is used.
2. Right to ask for data deletion. If a person knows that his personal data is used by any third parties, he can ask them to delete this information.
3. Right to transfer the data. It means that any individual has a right to extract data in a certain format. Besides, users can demand data exchange at their request.
4. Right to use the minimum amount of data. This rule concerns third-party organizations – they can extract and use only the minimum needed amount of data.
Apart from the rules, GDPR also sets measures that companies should take to ensure the high-level protection of personal data. It even includes hiring a data protection specialist. But how do these new responsibilities match the blockchain technologies? Let’s look more closely at two of them.
You may have already noticed that some blockchain principles fit well with the new GDPR conditions. Here is how the new regulation meets the new technologies represented by blockchain.
We already know that GDPR promotes the protection of personal data by all means. At the same time, blockchain allows data transactions without identity disclosure to other parties. Only the private and public keys are a personal matter, as they are unique for each user. Therefore, anonymity is one of the blockchain features. And in parallel, “anonymity” and “pseudonymity” are mentioned in the new rules. “Pseudonymity” in terms of data protection means that personal information can’t be ascribed to a specific individual.
When we go online, we often don’t have enough trust in the services of Internet providers. But as time goes by, we have to share lots of our personal data with the global web: insurance and medical identities, payment details, tax information, etc.
Blockchain gives users decentralization and cryptographic security, and GDPR aims to increase customers’ trust when engaging with financial and government institutions. Consequently, more businesses and individuals will be inclined to embrace the opportunities brought by globalization and eCommerce. And as GDPR should be implemented in each EU country (and can’t be changed depending on the territory), small and mid-sized companies will be able to join a global European market with ease.
The immutability problem. Some blockchain features are not an opportunity but rather a limitation for GDPR progress. For example, the immutability issue we’ve discussed above can be a burden for companies. The regulation gives people the right to erase and correct their private data. Immutability, at the same time, acts the opposite way.
No doubt, we expect big changes to come in a month. The anticipation of European companies has reached the highest level and brought up a myriad of controversial discussions. The general overview we’ve made today shows that there is no final verdict on whether GDPR and blockchain are a successful duo or not.
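To make the conflict between erasure and immutability concrete, here is an added example (not code from the original article) of a minimal hash-linked ledger in which blanking one record, as an erasure request would require, causes verification to fail. The block layout, function names and sample records are assumptions made for illustration, not any real blockchain's format.

```python
import hashlib
import json

GENESIS = "0" * 64  # placeholder "previous hash" for the first block

def block_hash(index, prev_hash, data):
    """One-way SHA-256 digest over a block's contents and its predecessor's hash."""
    payload = json.dumps({"index": index, "prev": prev_hash, "data": data}, sort_keys=True)
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()

def build_chain(records):
    """Link records so that every block commits to the hash of the one before it."""
    chain, prev = [], GENESIS
    for i, data in enumerate(records):
        digest = block_hash(i, prev, data)
        chain.append({"index": i, "prev": prev, "data": data, "hash": digest})
        prev = digest
    return chain

def first_broken_block(chain):
    """Return the index of the first block that fails verification, or None."""
    prev = GENESIS
    for block in chain:
        recomputed = block_hash(block["index"], block["prev"], block["data"])
        if block["prev"] != prev or recomputed != block["hash"]:
            return block["index"]
        prev = block["hash"]
    return None

def erase_record(chain, index, rehash=False):
    """Blank one record, as an erasure request would; optionally re-hash that block only."""
    block = chain[index]
    block["data"] = ""
    if rehash:
        block["hash"] = block_hash(block["index"], block["prev"], block["data"])

# Constructed sample records (not real data).
RECORDS = ["alice pays bob 5", "bob pays carol 2", "carol pays dave 1", "dave pays alice 3"]

def demo():
    """Return verification results: intact chain, after erasure, after re-hashing block 1."""
    chain = build_chain(RECORDS)
    intact = first_broken_block(chain)
    erase_record(chain, 1)
    after_erase = first_broken_block(chain)
    erase_record(chain, 1, rehash=True)
    after_rehash = first_broken_block(chain)
    return intact, after_erase, after_rehash

if __name__ == "__main__":
    print(demo())
```

Re-hashing only the edited block moves the break to the next block, so honouring the erasure would mean rewriting every later block as well.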
But what we know for sure is that we can expect big changes to come which will transform the blockchain sphere and mix it with the data rules. Nonetheless, regulations are necessary for global economic processes in general and the digital business in particular.