GDPR and Blockchain: Impacts of New EU Privacy Regulations

Yuliya Brin
Published in Rebound Crypto
May 31, 2018

The new General Data Protection Regulation (GDPR) came into effect on May 25, 2018, and can drastically change how organizations handle the personal data they collect and use. The goal of the GDPR is to give individuals better control over their personal data and to harmonize EU law.

How to comply with the GDPR

Under the new rules of the GDPR, all organizations storing personal data of EU citizens or residents are required to follow strict data privacy rules. This also applies to all Blockchain projects. Companies and projects that fail to do so will be fined according to the severity of the offense. The highest penalty could be up to 20 million euros or four percent of the company's annual revenue, whichever of the two is higher.

The GDPR has a wide reach and also applies to any online services provided to or accessed by EU residents or citizens. This means that Blockchain projects are responsible for complying with the GDPR regardless of their location. Companies and Blockchain projects with any EU customers should start complying with the GDPR guidelines right away. The following should be done immediately:

  1. make sure to obtain express consent from individuals before collecting their personal data
  2. clearly state data privacy policies
  3. allow individuals to withdraw their consent at any time easily
  4. ensure that data transfers out of the EU follow strict standards
  5. allow individuals to change or delete their personal data.

There are many more items to comply with, but these are the most essential to consider in order to keep your Blockchain project or business up to date with the GDPR requirements.

Does the GDPR affect Blockchain?

Blockchain, although it is an online distributed ledger system that creates immutable records of transaction history, is subject to compliance with the GDPR if the project in question uses a database. The Blockchain poses a problem for the GDPR and can run against its policies because Blockchain ledgers can be added to, but information on the network cannot be modified or deleted.

According to Gerry Stegmaier, a partner in the IP, Tech & Data Group of Washington-based law firm Reed Smith:

“Regulators are unlikely to accept the argument that somehow Blockchain is exempt from GDPR strictures because a defining feature of distributed ledgers is the impossibility of deleting data, such that it cannot be deployed in a way that enables data deletion.”

The GDPR and Blockchain can be considered incompatible with respect to the GDPR requirement that individuals have the option to change or delete their personal data. This is because Blockchains are immutable and generally cannot be changed once a block is made.

The other side of the coin is that Blockchain can benefit data privacy protection and offer the industry's most up-to-date data protection solutions through its projects. The Blockchain can address problems with accountability, privacy, scalability and security, allowing companies to comply with the GDPR.

The main thing to consider when trying to reconcile Blockchain projects with the GDPR is not to store personal data on a Blockchain. It is essential to understand that although Blockchain tech stores information in the same way a database can, the data can also be stored off-chain in a separate database linked to the Blockchain through private and public keys. Remember to keep any personal data in editable databases and not on the Blockchain. If necessary, have only a one-way hash of the data stored on the Blockchain.
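One way to implement the off-chain pattern described above, as an added example that is not part of the original article. The `Ledger` and `OffChainStore` classes are hypothetical, and using a keyed hash (HMAC-SHA256 with a random per-record key) rather than a bare hash is an assumption of this example.

```python
import hashlib
import hmac
import secrets


class Ledger:
    """Append-only stand-in for a blockchain: entries are added, never edited."""

    def __init__(self):
        self._entries = []

    def append(self, commitment: str) -> int:
        self._entries.append(commitment)
        return len(self._entries) - 1

    def get(self, index: int) -> str:
        return self._entries[index]


class OffChainStore:
    """Editable database for personal data; only a keyed hash goes on the ledger."""

    def __init__(self, ledger: Ledger):
        self.ledger = ledger
        self.records = {}  # ledger index -> (per-record key, personal data)

    @staticmethod
    def _commit(key: bytes, data: bytes) -> str:
        # Assumption: HMAC-SHA256 with a random per-record key instead of a bare
        # hash, because emails and names are guessable and a bare hash of them
        # can be recomputed by anyone who sees the ledger.
        return hmac.new(key, data, hashlib.sha256).hexdigest()

    def store(self, data: bytes) -> int:
        key = secrets.token_bytes(32)
        index = self.ledger.append(self._commit(key, data))
        self.records[index] = (key, data)
        return index

    def verify(self, index: int) -> bool:
        """True only if the off-chain record still matches its on-chain hash."""
        if index not in self.records:
            return False
        key, data = self.records[index]
        return hmac.compare_digest(self._commit(key, data), self.ledger.get(index))

    def erase(self, index: int) -> None:
        """Deletion request: drop data and key; the ledger entry stays as-is."""
        self.records.pop(index, None)
```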

Although this seems like a good solution, there are still concerns about the structure of the Blockchain. Blockchain projects are often managed through collaboration between developers and entrepreneurs located around the world. This collaboration fits poorly with GDPR standards: the team is larger, and it is unclear who will be held responsible for node compliance and for auditing against GDPR standards. As this is still new, only time will tell how the Blockchain will fare with GDPR regulations.
