Home / Blockchain / Can Blockchain aid brands become compliant with GDPR?

Can Blockchain aid brands become compliant with GDPR?

<div _ngcontent-c14 = "" innerhtml = "

Compliance with GDPR.Pexels.com

The consequences of the GDPR are still evident. But one thing is certain: many companies still have difficulty making sense of how the new provisions apply to the blockchain.

To recap, new rules require companies operating in the EU or customers located in the EU to assert the following rights of consumers regarding data storage:

  • Provide clear information on the type of data collected and obtain the explicit consent of the user for this purpose.
  • Give users the right to access their personal data, request corrections and / or revoke their permission to use such data.
  • Delete personal data once it is necessary for its archiving deadlines and / or when the user withdraws his consent for the storage of such data.

The operational impact of GDPR

While it is early to talk about the definitive consequences of GDPR at this point, there are some noteworthy developments worthy of note. After a survey in the Netherlands, Microsoft may have to pay a large sum due to compliance issues with the ProPlus subscription.

Individual member countries of the EU like Finland they also decided to implement additional acts, while also protecting private data of their citizens. In turn, this presents further compliance problems for companies operating in the region.

The role of blockchain in GDPR compliance

Blockchain technology has already gained considerable interest in various sectors, including health care, supply chain management and the financial sector, of course. While the exact use cases vary from one sector to the other, many agree that blockchain offers a new, safer way to store and process large volumes of data.

The wrinkle, however, is that the immutable nature of blockchain technology is an obstacle to GDPR regulations. Decentralized systems are a gray area in terms of legislature. Current provisions require companies to allow users to remove or correct their personal data from their databases.

A decentralized ecosystem takes on a single controller that could do it. No individual or company can delete data recorded on a public blockchain. In fact, no authority can effectively regulate a public blockchain. The idea behind the technology is to eliminate ownership of a single source and return data rights to its users. The removal of data from a private (authorized) blockchain is technically possible, even if extremely demanding. & Nbsp;

So is it possible to create a legally compliant blockchain?

Researchers from the University of Cambridge and Queen Mary University of London may have found a compromising solution. They proposed a new technical solution for private blockchains that will incorporate the "right to oblivion" rule. Instead of understanding how to erase the data from the blockchain, the researchers proposed to eliminate the decryption keys relevant to some items. In this case, the data remains recorded in the ledger, but it is not possible to access or decrypt it.

The biggest counter-test so far has been that the private blockchain will require immense computational resources, making them too expensive to maintain in the long run for companies. With the growth of the ledger, more computing power is needed to "extract" new blocks: solve the cryptographic puzzle to validate a new data entry. Once again, some solutions have been proposed to solve this problem. Some companies have developed a new mining ecosystem and a validation mechanism: POC (Proof of Capacity) that requires less energy and computational resources to work. In fact, mining can be performed with the capacity of the unused hard disk.

For example, a & quot; Japanese company, Nagezeni, is developing a blockchain project that will allow online creators to promote their content and receive suggestions and donations from the public dedicated to NZE tokens. Yoshihito Matsumiya, CEO of the company, believes that blockchain not only introduces new uses in social networks, such as micro-transactions, but also brings greater security to user data.

The transfer of data ownership can also be the key to compliance

Blockchain technology revolutionizes the way data is stored – in a decentralized manner. Now let's illustrate this further with an example. Most Know Know Customer (KYC) procedures require people to provide personal data for identity verification of multiple types (pre-GDPR). As a result, a many Fintech companies now they have to create new mechanisms for archiving and processing such sensitive information.

However, if legislators create clearer guidelines for blockchain solutions, the process could become much simpler for everyone. Instead of explicitly sharing their data with companies, users would give their permission to access this information from the blockchain. Basically, they would provide the key to their data, one that could be revoked at any time. However, the original data or certification can not be changed or misinterpreted by the receiving party, making it valid as if it were provided directly to the company. Companies, on the other hand, will not have to memorize anything on a central corporate database and, therefore, be bound by some compliance rules.

In fact, the adoption of blockchain-based identity management means "privacy by design" – & nbsp; the largest request from regulators. And blockchain technology can become the strongest ally of companies in addressing the GDPR regulations without much trouble.

">

Compliance with GDPR.Pexels.com

The consequences of the GDPR are still evident. But one thing is certain: many companies still have difficulty making sense of how the new provisions apply to the blockchain.

To recap, new rules require companies operating in the EU or customers located in the EU to assert the following rights of consumers regarding data storage:

  • Provide clear information on the type of data collected and obtain the explicit consent of the user for this purpose.
  • Give users the right to access their personal data, request corrections and / or revoke their permission to use such data.
  • Delete personal data once it is necessary for its archiving deadlines and / or when the user withdraws his consent for the storage of such data.

The operational impact of GDPR

While it is early to talk about the definitive consequences of GDPR at this point, there are some noteworthy developments worthy of note. After a survey in the Netherlands, Microsoft may have to pay a large sum due to compliance issues with the ProPlus subscription.

Individual member countries of the EU like Finland they also decided to implement additional acts, while also protecting private data of their citizens. In turn, this presents further compliance problems for companies operating in the region.

The role of blockchain in GDPR compliance

Blockchain technology has already gained considerable interest in various sectors, including health care, supply chain management and the financial sector, of course. While the exact use cases vary from one sector to the other, many agree that blockchain offers a new, safer way to store and process large volumes of data.

The wrinkle, however, is that the immutable nature of blockchain technology is an obstacle to GDPR regulations. Decentralized systems are a gray area in terms of legislature. Current provisions require companies to allow users to remove or correct their personal data from their databases.

A decentralized ecosystem takes on a single controller that could do it. No individual or company can delete data recorded on a public blockchain. In fact, no authority can effectively regulate a public blockchain. The idea behind the technology is to eliminate ownership of a single source and return data rights to its users. The removal of data from a private (authorized) blockchain is technically possible, even if extremely demanding.

So is it possible to create a legally compliant blockchain?

Researchers from the University of Cambridge and Queen Mary University of London may have found a compromising solution. They proposed a new technical solution for private blockchains that will incorporate the "right to oblivion" rule. Instead of understanding how to erase the data from the blockchain, the researchers proposed to eliminate the decryption keys relevant to some items. In this case, the data remains recorded in the ledger, but it is not possible to access or decrypt it.

The biggest counter-test so far has been that the private blockchain will require immense computational resources, making them too expensive to maintain in the long run for companies. With the growth of the ledger, more computing power is needed to "extract" new blocks: solve the cryptographic puzzle to validate a new data entry. Once again, some solutions have been proposed to solve this problem. Some companies have developed a new mining ecosystem and a validation mechanism: POC (Proof of Capacity) that requires less energy and computational resources to work. In fact, mining can be performed with the capacity of the unused hard disk.

For example, a & quot; Japanese company, Nagezeni, is developing a blockchain project that will allow online creators to promote their content and receive suggestions and donations from the public dedicated to NZE tokens. Yoshihito Matsumiya, CEO of the company, believes that blockchain not only introduces new uses in social networks, such as micro-transactions, but also brings greater security to user data.

The transfer of data ownership can also be the key to compliance

Blockchain technology revolutionizes the way data is stored – in a decentralized manner. Now let's illustrate this further with an example. Most Know Know Customer (KYC) procedures require people to provide personal data for identity verification of multiple types (pre-GDPR). As a result, a many Fintech companies now they have to create new mechanisms for archiving and processing such sensitive information.

However, if legislators create clearer guidelines for blockchain solutions, the process could become much simpler for everyone. Instead of explicitly sharing their data with companies, users would give their permission to access this information from the blockchain. Basically, they would provide the key to their data, one that could be revoked at any time. However, the original data or certification can not be changed or misinterpreted by the receiving party, making it valid as if it were provided directly to the company. Companies, on the other hand, will not have to memorize anything on a central corporate database and, therefore, be bound by some compliance rules.

Indeed, the adoption of blockchain-based identity management means taking on "privacy by design" – the increased demand from regulators. And blockchain technology can become the strongest ally of companies in addressing the GDPR regulations without much trouble.

Source link