The relationship between blockchain technology and the GDPR is intertwined and far from obvious. As a hot new technology, blockchain compounds the uncertainty that surrounds the new regulations.
Failing to comply with the GDPR can lead to a fine of up to €20 million.
Will the recent changes help you in your blockchain project, or bury it? See what our ICO and blockchain experts think, and how to approach it in a safe and reasonable manner.
Blockchain development, privacy and safety of personal data
The defining feature of GDPR is “privacy by design.” In short, it promotes solutions for which security and privacy aren’t additional features or a layer of protection. The system should be built in a way that keeps the data safe at its core.
And indeed, blockchain is the technology that fulfills that promise, keeping your data private and secure.
But storing all personal data directly within it is not fully GDPR compliant.
Data erasure issue
The other goal of the GDPR is to give individuals full control over their own personal data. Even though the regulations were written to be technology agnostic, at their core lies a traditional view of databases: standalone, centralized units that need proper security controls and from which data can be easily accessed and removed.
In a blockchain, you simply cannot remove any data without breaking the entire chain. Blockchain is immutable, so you cannot implement the data erasure that the GDPR ruleset requires.
Of course, there is a way to hide the data. You can forfeit access to the information by deleting the cryptographic key that protects it. The data will no longer be accessible, but technically it IS NOT erased, and therefore your solution does not comply with the GDPR.
Transparency
Another part of the problem is transparency – public blockchains are completely transparent and let you browse through their complete history of transactions.
If this contains personal data, it leads to a compliance violation.
The new regulations also state that the data should not leave the European Union. For this reason, a public blockchain is not an option, as you cannot control where the data may be stored.
How to keep a blockchain database compliant with the GDPR?
The decentralized and transparent nature of blockchain is the opposite of the GDPR’s strict controls.
The easiest way to achieve compliance is to avoid storing personal data on the blockchain.
However, if your business relies heavily on this technology, making your blockchain architecture compliant with the GDPR requires additional effort.
“Naturally, there is also a blockchain solution to, potentially, fix the problem. GDPR Edge, by IntraEdge, in collaboration with technology leaders Intel and Microsoft, uses Hyperledger Sawtooth’s distributed ledger technology and claims to enable trusted governing parties to keep accurate records, while providing consumer access and transparency.”
Adriana Hamacher, Managing Editor of Blockchain News, “On GDPR Day, a Blockchain Solution”
Another way to avoid this problem is connecting your blockchain to a traditional system, where you can delete the data. However, this does not unleash the full potential of blockchain technology: it removes many of its benefits and decreases safety. But those are the trade-offs we have to accept in order to store personal data.
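As an added example (not from the original article), the following Python sketch contrasts the two situations described above: personal data written into an immutable chain cannot be blanked without invalidating the chain, whereas data kept in a conventional, deletable store with only a salted commitment on-chain can be erased while the chain stays valid. The ledger, the store and the sample records are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64

def _digest(prev: str, payload: dict) -> str:
    """Block hash over the previous hash and the payload (canonical JSON)."""
    body = json.dumps({"prev": prev, "payload": payload}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

class Ledger:
    """Minimal append-only hash chain: every block commits to its predecessor."""
    def __init__(self):
        self.blocks = []

    def append(self, payload: dict) -> int:
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        self.blocks.append({"prev": prev, "payload": payload, "hash": _digest(prev, payload)})
        return len(self.blocks) - 1

    def verify(self) -> bool:
        prev = GENESIS
        for b in self.blocks:
            if b["prev"] != prev or _digest(b["prev"], b["payload"]) != b["hash"]:
                return False
            prev = b["hash"]
        return True

def commitment(record: dict, salt: bytes) -> str:
    """Salted hash of an off-chain record; only this goes on the chain. The salt lives
    with the record, so deleting both leaves a hash that cannot be brute-forced."""
    return hashlib.sha256(salt + json.dumps(record, sort_keys=True).encode()).hexdigest()

def erase_on_chain() -> bool:
    """Personal data written straight into blocks: blanking it breaks the chain."""
    chain = Ledger()
    chain.append({"email": "alice@example.com"})  # constructed sample data
    chain.append({"email": "bob@example.com"})
    chain.blocks[0]["payload"] = {}  # attempt to honour an erasure request
    return chain.verify()  # False: block 0's stored hash no longer matches

def erase_off_chain() -> tuple:
    """Data in a deletable store, only a salted commitment on the chain."""
    store = {"alice": ({"email": "alice@example.com"}, b"constructed-random-salt")}
    chain = Ledger()
    rec, salt = store["alice"]
    chain.append({"ref": "alice", "commit": commitment(rec, salt)})
    del store["alice"]  # erasure: record and salt are gone, the chain is untouched
    return chain.verify(), "alice" in store  # (True, False)
```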
Collecting data during an ICO
Another aspect of your blockchain-related activities might be the ICO process. While in most cases you won’t encounter GDPR issues with the token itself, it does give you additional responsibilities during the Initial Coin Offering.
When you collect and process the data of your clients, you need not only