From 25 May 2018 the General Data Protection Regulation (GDPR) becomes enforceable across the EU (including the UK, despites its impending exit). This new European privacy law has been designed to better protect personal data, by providing transparency about its use and allowing individuals to demand it is updated or deleted.
There are fears that this new regulation will put off many businesses from adopting blockchain technology in the future, while it may have a negative impact on existing companies employing it. As blockchain is now a technology too powerful to ignorefor many, there need to be ways it can work with GDPR.
Where GDPR and Blockchain Clash
The main issue where blockchain could run afoul of GDPR is with the stipulation that under the new regulation individuals have the right to demand their personal data held is rectified or deleted under many circumstances. Blockchain prides itself on being an unchangeable record; when data and transactions are entered they are immutable. This is one of its main benefits, as it becomes a reliable, transparent store of such information.
More data can be added to blockchain ledgers but all the information on the network cannot be modified or deleted. When this information is deemed to be personal, that creates a big problem for complying with GDPR therefore.
For example, if a bank began using blockchain technology for storing client data and someone moved house, they would request this information to be changed and the old address deleted. While the new address can be added, it isn’t possible to delete using blockchain, thereby breaking GDPR.
Does this mean blockchain technology should be abandoned across the EU?
The Blockchain Solution
The simplest way for blockchain technology to continue being used and abide by GDPR is for personal data to not be stored on it. Unfortunately, a lot of people and businesses don’t understand this and use blockchain to do so. Instead, personal data and blockchain should be kept apart, with the best solution for businesses to store personal data on an editable database with other information on the blockchain.
What can then be done as a clever workaround is for the reference to this data along with a hash and other metadata, to be stored on the blockchain. This is still something of a compromise though it does ensure 100% GDPR compliance, as all the off-chain data can be amended and deleted. However, transparency, which is one of blockchain’s main advantages, is greatly reduced, along with the benefit of data ownership. Plus, it increases the complexity which in turn introduces more opportunities for error.
Blockchains built in the future will be aware of GDPR beforehand, which provides a great advantage and should cut down any potential clashes. Applying GDPR to existing ones will be a nuanced process but for any being developed, these new ledgers won’t be built to store personal data. This means they can hold all the benefits of the technology while ensuring privacy and GDPR compliance.
Overall, the full effect of GDPR on blockchain will vary for each business using the technology, depending on the level of data they have stored. It is more likely to influence the future of blockchain than the present, though some companies may have to adapt their existing storage of personal data.