GDPR Compliance and Blockchain: Friends or Foes?

The origins of blockchain as a distributed, public ledger may at first glance suggest that it is fundamentally incompatible with the strict privacy demanded by GDPR legislation; however, blockchain has evolved. Developments such as zero-knowledge proofs are well placed to support rather than obstruct data privacy. Does this mean that GDPR compliance and blockchain can not only coexist, but that blockchain can enable better data privacy?

Are blockchain and GDPR incompatible?

Data protection regulations, GDPR in particular, draw stark lines when it comes to data security, data privacy and the rights of users to control access to their personal data — including the right to be forgotten.
Blockchain, in contrast, originated as a public ledger in which every participant has access to the entire chain. In addition, blockchain transactions, and by extension the data stored in a blockchain, are immutable. In other words, once recorded, a transaction and its associated data cannot be erased.

It is clear that the public nature of blockchains such as Bitcoin and the immutability of blockchain both conflict with GDPR stipulations, but this is a simplistic view of the technology. A blockchain does not need to be public, and although transaction data will be immutable, using blockchain applications does not mean that personal data falling under GDPR protection must also be stored in the immutable chain.

GDPR compliance and blockchain: meeting GDPR requirements

While blockchain may appear to conflict with data privacy requirements, enterprises familiar with the versatility and the risks and rewards of adopting blockchain will know that blockchain is a malleable technology.

In fact, blockchain applications have stand-out features that closely align with GDPR expectations. Besides, where blockchain does not inherently align with data privacy principles, the effective workarounds are just a few steps away. Here are a few key ideas:

  • Store personal data off-chain. By using a one-way hash, an enterprise can use the blockchain to store transactional data while keeping personal data off-chain. Only the hash of the personal data is stored on the blockchain, and because the hash is one-way, the on-chain value becomes meaningless once the off-chain personal data is deleted.
  • Deploy zero-knowledge proofs. In short, a zero-knowledge proof allows one party (the prover) to prove to another party (the verifier) that it knows certain facts without revealing those facts or how they are known. Using zero-knowledge algorithms keeps personal data out of the transaction itself, without hobbling transactional efficiency.
  • Utilise blockchain’s security advantages. GDPR takes strong views on data security, which align with the security advantages of a decentralised architecture. Blockchain has no single point of failure, which makes blockchain applications less vulnerable. In comparison, centralised data storage repositories have plenty of commonly exploited vulnerabilities.
  • Build private blockchain applications. Enterprises can opt to build a private blockchain that walls off external users, limiting access to data. Applications using public and private keys can allow participants to exchange blockchain data pseudonymously, all in aid of data protection compliance.
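The off-chain storage pattern from the first bullet, as an added example that is not part of the original post: a plain append-only list stands in for the chain, a dict for the off-chain store, and the names Ledger, OffChainStore and the choice of a salted (keyed) hash are assumptions of this example. Erasing the off-chain record removes both the data and its salt, so the on-chain value stays in place but can no longer be linked to anyone.

```python
import hashlib
import hmac
import secrets


class Ledger:
    """Append-only stand-in for a blockchain: entries are never changed."""

    def __init__(self):
        self._entries = []

    def append(self, commitment: bytes) -> int:
        self._entries.append(commitment)
        return len(self._entries) - 1  # index serves as the transaction ref

    def get(self, ref: int) -> bytes:
        return self._entries[ref]


class OffChainStore:
    """Mutable store holding personal data and a random per-record salt."""

    def __init__(self, ledger: Ledger):
        self._ledger = ledger
        self._records = {}  # ref -> (salt, personal_data)

    @staticmethod
    def commitment(salt: bytes, data: bytes) -> bytes:
        # Keyed hash with a 32-byte random salt: a bare SHA-256 of low-entropy
        # data (names, e-mails) can be matched by hashing guessed inputs, so the
        # on-chain value would itself remain personal data after erasure.
        return hmac.new(salt, data, hashlib.sha256).digest()

    def record(self, data: bytes) -> int:
        salt = secrets.token_bytes(32)
        ref = self._ledger.append(self.commitment(salt, data))
        self._records[ref] = (salt, data)
        return ref

    def verify(self, ref: int) -> bool:
        # False once erased: the ledger entry is then an unlinkable value.
        if ref not in self._records:
            return False
        salt, data = self._records[ref]
        return hmac.compare_digest(self._ledger.get(ref), self.commitment(salt, data))

    def erase(self, ref: int) -> None:
        """Right to erasure: drop data and salt; the ledger stays untouched."""
        self._records.pop(ref, None)
```

Because each record gets its own random salt, two people with the same attribute value produce different on-chain commitments, so the chain also leaks no equality relation between records.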

How blockchain can be a privacy enabler

Instead of merely adapting blockchain applications to attain GDPR compliance, it is worth thinking of blockchain as a tool for enhancing privacy. When no party obtains or handles personal data, data privacy considerations are dramatically reduced.

The Sovrin Foundation’s global identity network is an early example of how blockchain can be utilised to enable transactions that are highly reliant on sensitive personally identifiable information, without actually transmitting and sharing this information.

Creative applications of blockchain that meet privacy concerns are continuing to emerge, and it may well be that blockchain makes it far easier for enterprises to remain compliant with data privacy legislation such as GDPR.

Utilising blockchain in the presence of GDPR

Clearly, enterprises need to deploy a degree of creative thinking when developing blockchain applications that are GDPR compliant. Security and data privacy concerns should be at the forefront of blockchain application development.

“Blockchain definitely has a wide variety of uses; however, you should always keep data security in mind,” says Iurii Garasym, the Director of Corporate Security at ELEKS. “It’s not a good idea to store personal or sensitive data in the plain format on blockchain. Consider using tokenisation or hashing instead. Personal data should be stored outside blockchain in some reliable storage or database. Then, the token, hash or link can be applied to the blockchain.”

Another option is to encrypt personal data and then store the ciphertext on the blockchain. To comply with GDPR and ensure that the data is effectively removed, you will need to delete the encryption key. However, given the expected arrival of practical quantum computers in the near future, keep in mind that they might be able to break this kind of encryption almost instantly.

As always, a risk-based approach makes sense here. In most cases, a private or permissioned blockchain holding tokens, combined with secure external storage, should work best, at least for the time being.

Are you unsure about the security and compliance aspects of your enterprise blockchain application? Contact us today to see how you can adjust blockchain to meet privacy regulations, including GDPR.
