How is Blockchain Going to Work with the GDPR?

The European Union’s General Data Protection Regulation (GDPR) has gone into effect, and with this new law comes a lot of information your organization needs to consider regarding individual data protection. In particular, the technology of blockchain is difficult to talk about in regard to GDPR, as it’s basically an encrypted and distributed digital ledger. How can blockchain work properly in tandem with the new GDPR regulations?

GDPR itself is a bit tricky to understand. Even though it doesn’t have the PII designation, it’s still the strongest data protection law passed to date. Any organization that does business with businesses within the nations of the European Union needs to comply with the regulations outlined in the GDPR. One of the most notable results that we’re sure you’ve noticed regarding GDPR is that many websites have updated their privacy policy, and they are required by law to tell their viewers about this. This is to protect themselves from the fines associated with non-compliance to GDPR.

The biggest issue concerning blockchain technology is found in the GDPR mandate. According to the new regulations, if a company obtains personal information that doesn’t need it, they must delete it. Blockchain nodes can’t be deleted, so it makes sense that the GDPR would be an issue for companies that use them. It’s a strange coincidence that blockchain and GDPR are both meant to improve user privacy, even though the blockchain technology used to this end isn’t compatible with GDPR regulations.

Even though GDPR was designed to adapt to changes in technological innovations, blockchain is already testing its ability to do so. For example, applications that utilize blockchain technology already pair well with the three major points of GDPR: confidentiality, integrity, and availability. The blockchain uses encryption to remain confidential, but the ledger itself remains transparent.

Let’s think about a potential scenario for a customer named Jim. Jim can use a blockchain-based account to pay for his monthly checkup. This works out for him because most of the EU has universal healthcare as a principal. The details of this payment are hidden, but the record shows the overall price in the form of cryptocurrency. Because this company has collected information--encrypted or not--and it’s not needed, this would be a breach of GDPR policy. Consequently, some EU-based companies have stopped accepting Bitcoin and cryptocurrency as payment, though it’s worth mentioning that GDPR isn’t the exclusive cause of this.

Though the GDPR regulations only cover EU-member countries and organizations that do business with them, there is a considerable chance that these regulations will be amended as time goes on. What will this future look like? Will it be more like GDPR, or will it focus primarily on the blockchain? Let us know in the comments.