What is the GDPR?
The General Data Protection Regulation (GDPR) was instated on May 25th, 2018 as the first piece of data legislation applicable in all of Europe. Legislators began working on the bill in 2012 as a way to help individuals protect their personal information and give them more control over how their data is used.
The legislation requires companies to double-check the necessity of gathering personal data from customers and states in Article 39 that the data they gather must be “adequate, relevant, and limited to the minimum necessary in relation to purposes for which they are processed.” In other words, if the data is not significant to business being carried out with a customer, they should not be collecting it.
The part about giving individuals more control over how their data is used manifests itself mainly by granting individuals rights to see how their information is being used and enabling them to request the deletion of their personal data.
How does the GDPR mesh with Blockchain?
The GDPR has its beginnings in a time where Blockchain was not on the radar of legislators. It was aimed more at cloud technology and social media sites storing data centrally, putting users at risk to attackers. Centrally stored data also means one party has control over the data, and is thus responsible for its protection and appropriate use; this party can then be subject to the regulations instated by the GDPR.
Blockchain and other decentralized systems pose a new set of questions for the GDPR, in that the decentralized nature holds no single party accountable for protection and use – control is to the greatest possible extent in the hands of the users themselves. The implementation of Blockchain in this way supports the goals of the GDPR.
The big question mark in the conversation about Blockchain and the GDPR is the entitlement of individuals to request that their information be erased. One of the greatest benefits of Blockchain is that data stored is unchangeable, or rather not subject to the manipulation of malicious users.
One possible solution for this could be the combination of Blockchain with other hardware, with sensitive data (where a user truly wants to be able to opt for deletion) being filtered to a central solution and less-sensitive data remaining in the Blockchain.