The role of blockchain in GDPR compliance

GDPR’s recent entering into force is a breath of fresh air for consumers (once the seemingly endless stream of ‘updated privacy policy’ emails dries up). The legislation has been anticipated for years, but its implementation is welcome now more than ever, in the wake of data breaches like those carried out on Equifax or Facebook.

GDPR is empowering users where their data is concerned. As well as requiring companies to beef up their security and handling of any user information, it allows individuals to request the purging of their information from company databases. It’s an excellent step in the right direction – recognising rights that consumers should have had for a long time. It imposes steep fines on the companies that fail to adhere to strict standards.

One of the downsides that critics have been quick to point out is the capacity of smaller businesses to implement the changes necessitated by GDPR. Whilst large companies will find it easy to invest in updating their policies and tweaking their infrastructure to reflect the changes in regulation, smaller ones will struggle, and may not have the funds or skills to safely protect user data (a fine of €20 million could spell the end for such businesses).

I believe blockchain technology can help, not only for smaller businesses, but for large ones as well. Blockchain technology is the ideal match for GDPR – on one hand, rights are protected by legislation, and on the other, they’re secured by technological advances. With this emerging technology, companies no longer need to store customer information in easily-targetable data silos – if anything, they’re incentivised not to in order to avoid risking fines under GDPR. 

The strength afforded by a distributed ledger is decentralisation, combined with the zero knowledge storage of the blockchain. This seems to have captivated industries, not only from a security standpoint, but as an ethos in and of itself – flattening the hierarchy and centralised aggregations of data in a system that allows individuals to remain sovereign over their own information has gleaned a great deal of interest and around the technology.

The result will be widespread disruption across sectors. Whilst the current state of securing data is best analogised as racing to build taller and thicker walls, the new one would forego this need, as there is nothing for the walls to protect. Users would truly own their own data with zero-knowledge storage to secure personal information, and could choose to interact with their preferred businesses without running the risk of that data being siphoned or stolen.

(Image credit: Image Credit: Startupstockphotos / Pexels)

Consider ecommerce – it’s a booming industry, but one that faces significant risk: online outlets collect huge amounts of user information, including highly sensitive card details, physical addresses, phone numbers, and names. Hackers seeking lucrative targets need look no further than databases brimming with thousands of these collections, which can be used for fraud, identity theft, or sold to other malicious actors. 

A blockchain solution would negate any of this. With a platform that harnesses the power of decentralisation to effectuate payments, consumers and merchants could interact in a trustless manner. The user would not need to worry about their data being vulnerable, as it never leaves their possession, and the merchant can focus their efforts and channel funding into other areas of the business, as emphasis on securing customer information is no longer required.

This is just one example. Distributed ledgers unlock a wealth of potential applications in everything from supply chain management to genomics. Adding transparency, cryptographically-assured security and new incentive models to enterprises of today, blockchain technology could vastly alter the current architecture of businesses across the board.

Alastair Johnson is founder and CEO of Nuggets.