Can Blockchain help companies be GDPR Compliant?
With GDPR being a hot topic as the new law comes in to place this May, predictions have highlighted that around 80% of companies won’t be ready for the GDPR regulations. With such a high percentage of companies worryingly not prepared, blockchain technology could help these companies comply and offer an innovative solution to meet the regulations.
Blockchain is the world’s leading software platform for digital assets and is the technology backing digital currencies, Bitcoin and cryptocurrency. It’s a decentralised ledger that records transactions across networks to allow participants to transfer assets digitally without intermediaries. The capabilities of blockchain-based identity management can be used to protect data of individuals and companies that meet the GDPR standards with its concept “bring your own identity” (BYOID).
Blockchain-based Identity Management (ID) uses public/private encryption and data hashing to securely store individuals identify and data on their device, where they are also able to control which information they consent to share. The use of blockchain allows third parties to validate the original data and therefore avoids misrepresentation.
When looking at the benefits specifically for the banking sector, ‘Know Your Customer’ is applied in every bank worldwide and is a process that can become very repetitive and therefore, is subject to mistakes. With the implementation of a consent management system based on blockchain, banks would be able to create a simple audit trail that will alleviate those audit and compliance tasks and provide individuals with information on who their data is shared with.
As the audit trails would be permission-based information, there is also an audit trail of consent on the blockchain. With the new GDPR law stating that all individuals will now have a right to be forgotten, this will make it simple and easy for users to remove their consent at any time.
Blockchain can also help companies meet GDPR’s requirements for privacy by design, whereby companies are required to establish compliant policies, procedures and systems for all stages of a service, product or process. This is met simply by incorporating blockchain-based IM directly into the company’s offerings and infrastructure. Using this blockchain method, companies could also significantly reduce the likelihood of becoming a target for hackers. With data stored on a user’s device rather than in the company’s database, there is no need to store personally identifiable information (PII) in large databases.
As you can see, blockchain can help companies be fully compliant in two major areas of the new GDPR law. There is still a lot of research needed to be done around blockchain as a fully compliant data storage system and whether GDPR can be fully satisfied with an autonomous system, but it is a great step forward that companies can make towards GDPR compliance.