Blockchain may turn out to be the killer app for GDPR compliance in the 2020s.
How so? Well, blockchain creates a secure way to track the provenance of digital transactions. That aligns well with the demands of GDPR, the European Union’s General Data Protection Regulation, which requires companies to develop vigorous data-protection frameworks.
GDPR governs the digital privacy rights of everybody living in the EU. Companies outside the EU have to comply with GDPR if any of their digital transactions collect data about EU residents. That makes pretty much every website publisher and e-commerce site subject to GDPR rules.
GDPR compliance poses three primary challenges to companies:
- Understanding who has access to people’s data. Within your company, you need to ensure that nobody can misuse personal data. Moreover, you must be compliant in any situation.
- Staying transparent on your data policies. You have to tell users how their data is used and how they can help keep their data private.
- Understanding where your data is going. You must document the paths data will take after you’ve collected it. If people’s data goes to third parties, you must be able to track it accurately.
Blockchain’s distributed-ledger architecture helps with all three of these GDPR requirements. It starts by encrypting an initial entry on a digital ledger. That data point cannot be erased or altered. Rather, any changes are added to the ledger and must be approved by everybody sharing it. This makes it extremely difficult to create fraudulent or fake entries.
All data has to be stored, transmitted and kept secure. Blockchain can be used to build an encrypted data trail so you always have a complete understanding of data storage, access and transmission. Moreover, you can increase transparency and build trust because you have a mechanism to keep your promise to protect users’ data.
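The tamper-evident data trail described above can be shown in a few lines. This is an added example, not code from DMI or from any blockchain product: it models only the append-only, hash-linked property of a ledger, not encryption or multi-party approval. The event fields, the function names and the keyed `subject_ref` pseudonym are assumptions made for illustration.

```python
import hashlib, hmac, json

GENESIS = "0" * 64  # previous-hash value used by the first entry

def subject_ref(key: bytes, subject_id: str) -> str:
    """Keyed pseudonym so the trail never stores the raw identifier (assumption)."""
    return hmac.new(key, subject_id.encode(), hashlib.sha256).hexdigest()[:16]

def _digest(body: dict) -> str:
    # Canonical JSON so the same entry always hashes to the same value.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append(ledger: list, actor: str, action: str, subject: str, recipient: str = "") -> dict:
    """Add an access/transfer event linked to the hash of the previous entry."""
    body = {"seq": len(ledger), "actor": actor, "action": action,
            "subject": subject, "recipient": recipient,
            "prev": ledger[-1]["hash"] if ledger else GENESIS}
    entry = dict(body, hash=_digest(body))
    ledger.append(entry)
    return entry

def verify(ledger: list) -> int:
    """Return -1 if the chain is intact, else the index of the first bad entry."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if entry["prev"] != prev or entry["seq"] != i or _digest(body) != entry["hash"]:
            return i
        prev = entry["hash"]
    return -1

def trail_for(ledger: list, subject: str) -> list:
    """Every recorded event for one data subject: who touched it and where it went."""
    return [(e["actor"], e["action"], e["recipient"]) for e in ledger if e["subject"] == subject]

def demo() -> dict:
    key = b"constructed-demo-key"            # constructed sample key
    alice = subject_ref(key, "alice@example.com")  # constructed sample subject
    ledger = []
    append(ledger, "signup-service", "collect", alice)
    append(ledger, "crm", "read", alice)
    append(ledger, "crm", "share", alice, recipient="mail-vendor")
    intact = verify(ledger)
    ledger[2]["recipient"] = "nobody"        # rewrite history in place
    return {"intact": intact, "after_edit": verify(ledger), "ledger": ledger}

if __name__ == "__main__":
    result = demo()
    print("before edit:", result["intact"], "after edit:", result["after_edit"])
```

A single holder of this log could still recompute every hash after an edit; sharing the ledger among several parties, as the article describes, is what closes that gap, because the others hold copies of the earlier hashes.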
It’s true that blockchain has generated more hype than results in recent years, but that’s often the case with promising new technologies. Inflated short-term expectations lead to discontent that obscures the long-term potential.
Sure, there’s a lot to work out. Blockchain is a sophisticated technology and GDPR is a complicated regulatory regimen. For all the uncertainties, one thing seems certain: GDPR and similar data-protection rules will grow more pervasive in the 2020s. And organizations will need all the help they can get to avoid fines and adopt transparent data policies.
At DMI, we’ll be looking for ways to converge the data-policy needs of clients, customers and regulators. If blockchain looks like the optimum GDPR solution for our clients, we’ll be putting it to work.
-Varun Ganapathy, director/digital technology office UK/Europe