Blockchain Tech and GDPR Compliance

There is a controversial relationship between blockchain technology and the EU’s General Data Protection Regulation (GDPR). On the one hand, it’s a match made in heaven, as more than half a billion people, can benefit from having their personal data digitized by legislation, and secured by the immutability of distributed ledger technology. On the other hand, GDPR, as it exists today, is not blockchain-compatible. And the very fact that data stored on blockchain is immutable, contradicts a key policy of the GDPR — the right to be forgotten (Art.17 GDPR).

The formulation of the GDPR was an elaborate process, meticulously pieced together, long before blockchain tech came to the fore. But, if an individual’s personal data cannot be deleted, then this vital right will be impossible to exercise. However, legislators do need to consider the potential of blockchain for establishing a more secure and trusted framework while dealing with personal data. The problem lies in the binary nature of technology that sometimes makes it incompatible with real life applications like regulatory policy.

But a well-designed off-chain key management system can help overcome this dilemma. To put it simply, while encrypted data cannot be deleted from blockchain, it is still possible to delete the key to that piece of data, making access permanently impossible. And this can be considered a complete erasure of that user’s data from the network.

Thus, it is safe to say that blockchain technology will not be eliminated by GDPR; rather, it will serve as a highly reliable foundation for further enhancement and modernization of personal data management.

To learn more about blockchain technology, visit our website blockgemini.com