GDPR Implications and Blockchain

In our previous blog on Data Privacy we spoke about privacy issues and ways to tackle them with Blockchain technology. In this article we delve further and look at some newer aspects of data management under the lens of the new data privacy laws coming into effect, and at how Blockchain can be a potential game changer.

Trust is a very important issue when it comes to the processing of personal data. Companies face a constantly rising threat of data breaches every year. On average, the cost of a breach has risen to $4 million per incident – up by 29% since 2013, according to the statistics. Cybersecurity breach incidents globally also rose by 39% over the period 2014-2015 alone.

The data compromised in most of these breaches was Personal (names, addresses, email), Financial (billing, banking, insurance), Medical (hospital and doctor’s records, medical insurance), and Credentials (login credentials, PayPal, online banking sites). And in 96% of the cases these breaches weren’t discovered for months.

The major industries that are susceptible to frequent data breaches are Healthcare, Finance, Government, Education and Retail, as these mostly deal with sensitive and exploitable user information. These five industries alone accounted for 81.3% of the total number of disclosed data breach incidents.

All the aforementioned industries are subject to specialized state and federal data breach disclosure laws. One such law, adopted on 27th April 2016 by the European Union, is the General Data Protection Regulation. GDPR insists on returning full control of data to where it belonged: the consumer. This regulation comes into effect from 25th May 2018.

Under this new law, companies storing and managing personal data of EU citizens will be obliged to handle user data in a more transparent and secure manner going forward, as individuals will be given new data rights, such as the “Right to be Forgotten”, the “Right to Data Portability”, the “Right to Consent” and the “Right to Data Minimization”.

The obvious question now is: “Can Blockchain technology be used to improve customer data management processes without compromising the GDPR rules?”

Blockchain technologies propose to address the issues of trust and privacy in data security, verifiability, and transfer using mathematically designed cryptosystems. This hash-based protocol allows the system to be cryptographically secure and to keep its contents confidential. So, blockchain can be used most judiciously where there are multi-party transactions, as is the case with most businesses these days.

And since every node on the Blockchain holds a time-stamped copy of every historical transaction, the need for centralized databases can be drastically reduced and security increased, as there will not be a single point of failure for hackers to exploit.

From the GDPR perspective, consumer-provided consent for their own data is another vital aspect of the data capture and verification process. No data can be processed by any service provider until suitable consent has been given by the user. The consumer must also be able to withdraw that consent whenever they need to.

Blockchain based solutions as depicted in the above figure can facilitate permission-based access to information by giving users control in the processing and sharing of their data, leaving an audit trail of consent on the Blockchain. The user can remove consent at any time, thus fulfilling the GDPR’s “Right to Erasure” clause too.

Blockchain based identity management systems can give users control of their own data and help companies towards GDPR compliance by allowing them to authenticate their users without storing PII. By doing so, companies reduce the number of requests to access, erase and correct user data, as none of it is stored within the company’s systems, again abiding by the laid-down GDPR rules.
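To make the consent audit trail of the previous two paragraphs concrete, here is an added example (written for this article, not code from the original post or from any blockchain product) of a minimal hash-chained consent ledger. It assumes a pseudonymous user reference derived from a user-held salt rather than raw PII, a single-node in-memory chain, and constructed sample timestamps; a real deployment would replicate the entries across nodes as the text describes. Each entry commits to the previous entry's hash, so a tampered or deleted record is detected before any processing decision is made, and a withdrawal is recorded as a new entry rather than by erasing the original grant.

```python
import hashlib
import json
from typing import List

# Added illustration of a tamper-evident consent ledger; not the article's
# or any vendor's code. Design assumption: the ledger holds only hashes and
# pseudonymous references, never the raw personal data itself.

GENESIS_HASH = "0" * 64


def pseudonymous_ref(identifier: str, salt: bytes) -> str:
    """Commit to an identifier (e.g. an e-mail address) without storing it.

    Only this hash goes on the ledger; the salt and identifier stay with the
    user or an off-ledger identity provider (assumed design).
    """
    return hashlib.sha256(salt + identifier.encode()).hexdigest()


def _hash_entry(entry: dict) -> str:
    # Hash every field except the hash itself, with a canonical encoding.
    body = {k: v for k, v in entry.items() if k != "entry_hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


class ConsentLedger:
    def __init__(self) -> None:
        self.entries: List[dict] = []

    def append(self, user_ref: str, purpose: str, action: str, timestamp: int) -> dict:
        """Append a grant or withdrawal; each entry links to its predecessor."""
        if action not in ("grant", "withdraw"):
            raise ValueError("action must be 'grant' or 'withdraw'")
        prev = self.entries[-1]["entry_hash"] if self.entries else GENESIS_HASH
        entry = {
            "seq": len(self.entries),
            "timestamp": timestamp,
            "user_ref": user_ref,
            "purpose": purpose,
            "action": action,
            "prev_hash": prev,
        }
        entry["entry_hash"] = _hash_entry(entry)
        self.entries.append(entry)
        return entry

    def verify(self) -> bool:
        """True only if every link and every entry hash is intact."""
        prev = GENESIS_HASH
        for i, e in enumerate(self.entries):
            if e["seq"] != i or e["prev_hash"] != prev or _hash_entry(e) != e["entry_hash"]:
                return False
            prev = e["entry_hash"]
        return True

    def consent_active(self, user_ref: str, purpose: str) -> bool:
        """The most recent grant/withdraw for this user and purpose decides; default deny."""
        state = False
        for e in self.entries:
            if e["user_ref"] == user_ref and e["purpose"] == purpose:
                state = e["action"] == "grant"
        return state

    def audit_trail(self, user_ref: str) -> List[dict]:
        """Every consent event recorded for one pseudonymous user, in order."""
        return [e for e in self.entries if e["user_ref"] == user_ref]


def may_process(ledger: ConsentLedger, user_ref: str, purpose: str) -> bool:
    """Processing gate: refuse if the trail is tampered or consent is not active."""
    return ledger.verify() and ledger.consent_active(user_ref, purpose)


def demo():
    salt = b"constructed-user-held-salt"          # constructed sample value
    alice = pseudonymous_ref("alice@example.com", salt)  # constructed sample user
    ledger = ConsentLedger()
    ledger.append(alice, "marketing", "grant", 1_600_000_000)
    ledger.append(alice, "analytics", "grant", 1_600_000_100)
    ledger.append(alice, "marketing", "withdraw", 1_600_000_200)
    before = (may_process(ledger, alice, "marketing"),
              may_process(ledger, alice, "analytics"))
    # Tampering attempt: flip the recorded withdrawal back into a grant.
    ledger.entries[2]["action"] = "grant"
    after = may_process(ledger, alice, "marketing")
    return before, after, ledger.verify()


if __name__ == "__main__":
    print(demo())  # ((False, True), False, False)
```

The gate refuses processing as soon as the chain fails verification, so a silently edited consent record cannot be used to justify processing. Keeping only the salted reference on the ledger is what lets the company authenticate a returning user against the trail without ever holding the e-mail address itself, which matters because ledger entries are never removed: withdrawal is a new entry, and the personal data that erasure requests would target is not on the chain in the first place.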