Why Blockchain Poses An Unusual Challenge For GDPR Compliance
January Reader Favorite: The Role Of Blockchain In Helping Organizations Meet GDPR Compliance | Information Management
While blockchain and the General Data Protection Regulation are currently two of the data management industry's hottest buzzwords, they have more than just buzz in common as the industry continues to ponder their respective impact. They share the same level of excitement as well as the same level of scepticism. Interestingly, they may be linked in another way: the fact that blockchain could play an important role in helping organizations comply with GDPR rules. PWC defines blockchain as a digital, decentralized ledger that keeps a record of all transactions that take place across a peer-to-peer network so that participants can transfer assets across the Internet without the need for a centralized third party. According to Gartner's Emerging Technologies Hype Cycle, blockchain is at the peak of inflated expectations, meaning that it is a hot topic among audiences, and there are numerous ideas and theories about how it can be used. While there are many use cases, the reality is very few are up and running. And, although it's predicted to become an important technology, nobody really knows if it will go mainstream, what it will mean, which technology will become the de-facto standard, and when it all will happen. The GDPR, on the other hand, is a good bit more tangible with a deadline for compliance of May 25, 2018. By this date, all organizations worldwide doing business with EU customers must assess their information strategy, technology, processes and staff against GDPR rules regarding personal data and implement changes to remain compliant. The GDPR has an enormous impact to com...
Data Management, Blockchain And GDPR Compliance
General Data Protection Regulation (GDPR) was formed by the EU to streamline data protection. GDPR compliance is vital for businesses as it deals with the lawful use of information available to an organization. One of the reasons behind GDPR's initialization was the increase in unethical usage of information by companies across several countries. In their mission to protect citizen information from different nations that are a part of the EU, the European Union declared the GDPR act. GDPR was formed to ensure that organizations were using the available information lawfully. Soon after the announcement of GDPR to be valid from 25 May 2018, companies started searching for ways through which they can achieve GDPR compliance to continue their process of information collection in a manner that would not hamper the guidelines set up by the EU. Here are three ways through which technology can help businesses to become GDPR compliant: When an organization prepares to protect the information stored in its databases, they mean to protect information from unauthorized access. Identifying and safeguarding the locations where data of a company is being stored holds importance, as these sites are often vulnerable to being attacked by unauthorized intruders and can lead to misuse of data, causing compliance issues. With regards to the sensitive information stored in the database of an organization, companies can encrypt the same and maintain an order of safeguarding the data under the circumstances of a data breach taking place in their organization. Encrypting information is an impeccable manner of ensuring secure storage of data. By using cloud comput...
GDPR And Blockchain: Is The New EU Data Protection Regulation A Threat Or An Incentive?
New European data protection regulation to trigger even more blockchain innovation. The General Data Protection Regulation (GDPR), a sweeping and stringent European Union (EU) wide legal framework for personal data privacy, became effective on May 25. Ready or not, this framework is going to drastically transform the business of any digital venture. The International Association of Privacy Professionals (IAPP) forecast that at least 75,000 privacy jobs will be created as a result, and that Fortune's Global 500 companies will spend close to $8 bln in order to ensure they are compliant with the GDPR. But what does this mean for the blockchain? The GDPR's goals are: to create a uniform data regulation framework within Europe, and to strengthen individuals' control over the storage and use of their personal data. It was adopted in 2016, and after a two-year transition period, is now in force. The GDPR introduces new procedural and organizational obligations for "data processors" - including corporate as well as public entities, and gives more rights to data subjects - the term it uses for individuals. Public and private organizations, when left to themselves, tend to accumulate data even before knowing what they will do with it, sort of "gold rush" in personal data acquisition. The GDPR goes against this habit by specifying that data processors should not collect data beyond what is directly useful to their immediate interaction with consumers. In effect, the data harvest should be adequate, relevant and limited to the minimum necessary in relation to the purposes for which they are processed (Article 39 of the GDPR). Besides setting out what is or isn't allowed, the GDPR also specifies...
Major Blockchain Group Says Europe Should Exempt Bitcoin From New Data Privacy Rule
Since people can store personal data in blockchains, the technology could fall under the purview of the upcoming European change to privacy law. But blockchain technology may be fundamentally incompatible with Europe's new privacy rules, Washington, DC think tank Coin Center said today in a new post. The General Data Protection Regulation (GDPR) will take effect on May 25th this year, more than two years after it was first signed into law. Under the new rule, if an EU citizen requests that their personal data be erased from a company's records, the company will have to obey. But with blockchain, a complete erasure of any stored personal data might not be possible, experts told The Verge. "Modifying data on a blockchain is very hard," Oxford Law lecturer Michèle Finck told The Verge, "If you were to delete or modify data from the blockchain to comply with the GDPR's rights to amendment or the right to be forgotten, you wouldn't just change that piece of data, but the hash of the block containing the data and of all subsequent blocks." Finck added, "I think it's safe to say that currently, most blockchains are incompatible with the GDPR, especially permissionless blockchains." She said that although many blockchain projects are currently thinking about how to design tech that would be GDPR-compliant, the problem is that there are so many points of tension...way beyond the right [for personal data] to be forgotten. It's the basics of blockchain technology. By their very nature, transactions on a blockchain aren't meant to be deleted but to be recorded permanently. It would also be difficult to stop every place transmitting a Bitcoin transaction. This is by design, Andries Van Humbeeck, co-founder and b...
Comment: Can GDPR And Blockchain Co-exist?
The EU's General Data Protection Regulation (GDPR), due to be enforced on 25 May, implements new rights for people accessing the information companies hold about them and business obligations for better data management. GDPR defines personal data as anything that relates to an identifiable, living individual, whether it actually identifies them or makes them identifiable. Luke Sayer asks if the two are in any way compatible. We are continuously advising companies of the need to explain their data processing through applicable policies. How companies handle personal data will vary; the GDPR recognises this by creating distinctions between data controllers and data processors. A data controller is an entity that determines the purpose and manner that personal data is used. A data processor processes the data on behalf of the controller, i.e. obtaining, recording, adapting and holding personal data. The GDPR aims to give individuals the right of control and power over who can access their data. One such right is the right to have inaccurate personal data rectified, blocked or destroyed where applicable. Further to this, individuals will have the right to be forgotten; their data transferred to another data storage provider, or deleted entirely. Companies will be more accountable than ever for their handling of data, so how can the much-heralded blockchain technology assist? Originally developed as the accounting method for the virtual currency Bitcoin, blockchains, which use what is known as distributed ledger technology (DLT), are appearing in many commercial applications today. The technology is primarily used to verify transactions within digital currencies thoug...
#IRMS18 Can Blockchain Be Compliant With GDPR?
Speaking at the IRMS Conference in Brighton, Dyann Heward-Mills, CEO, HewardMills focused on emergence of Blockchain, and the need for GDPR compliance. She called the relationship between the regulation and distributed ledger critical as data protection officers need to understand its impact, how it sits with data subject rights and the Right to be Forgotten. Critical is the implementation of privacy by default and design with the technology, she said. When presented with a technology like Blockchain, what does a DPO do? Well you conduct your data protection impact assessment over the technology. She agreed that it is very robust and secure and unlikely to be encountering challenges regarding loss of personal data, but how does it sit with data retention? From a regulatory perspective, Heward-Mills acknowledged that there is no central regulation required, but is it desired? In terms of how GDPR applies to Blockchain, she asked the audience if encrypted data and metadata is still considered to be personal information? Where there are decentralized systems, how does the legislation actually apply? Is it still fit for purpose? Looking at the key principles, she rated Blockchain against the principles of Article Five of the GDPR:
Processed lawfully, fairly and in transparent manner: Not transparent due to encryption
Collected for specified, explicit and legitimate purpose: Arguably legitimate for authentication purposes
Adequate, relevant and limited to what is necessary: Not necessary, ledger exists forever
Accurate and where necessary, kept up to date: May not be accurate, and no way to delete it
Identification for no longer than necessary: Not necessary, ledger exists forever
Processed in a manner that ensures its security: Secure...
Blockchains And The GDPR
The imminent entry into force of the EU General Data Protection Regulation (GDPR) coincides with pronounced hype surrounding blockchains as a new method of data storage and management. Blockchains and other forms of Distributed Ledger Technology (DLT) are an emergent technology that remains immature and only time will tell whether they are here to stay. Blockchains are currently being avidly experimented with in Europe and beyond. These replicated and tamper-proof databases provide new methods of data handling. Their characteristics contrast with those of centralized forms of data management that regulators had in mind when fashioning the GDPR. In a recent paper I examine whether a technology based on the decentralized collection, management and storage of data can be compatible with the GDPR, which was fashioned for data silos. This question is of pivotal importance as, in light of its expansive geographical scope, the GDPR is not only relevant for blockchain projects in Europe but around the world. I conclude that a legal framework designed for a sphere of centralization cannot easily be applied to one of decentralization. The GDPR embraces a broad definition of personal data as any information relating to an identified or identifiable natural person, the data subject. Where data qualifies as personal data, it can only be processed subject to a number of conditions and data subjects derive specific substantive rights in respect of their data. Blockchains are essentially an append-only replicated database that is maintained by a consensus algorithm and stored on multiple nodes (computers). Data can be stored on blockchains in plain text or it can be encrypted or hashed to the chain. It is well-established that data that has been encrypted or hashed still qualifies as p...
Achieving GDPR Compliance And Data Privacy Using Blockchain Technology
CxOs, data engineers, programmers, and software developers. A basic understanding of blockchain technology. Learn how to use open source blockchain technologies such as Hyperledger to implement the European Union's General Data Protection Regulation (GDPR) regulation. The General Data Protection Regulation (GDPR) is an EU regulation acting as a one-stop shop for all data privacy rules across the EU. GDPR governs all global entities dealing with EU citizens' data in any form or shape. Ajay Mothukuri, Arunkumar Ramanatha, and Vijay Srinivas Agneeswaran explain how to use open source blockchain technologies such as Hyperledger to implement GDPR. GDPR aims to ensure the data privacy of EU citizens through a single set of rules for data protection, increased responsibility and accountability for those entities processing personal data, required notification of any data breaches in stipulated timelines, the pseudonymization of personal data in such a way that resulting data cannot be attributed to a specific data subject without use of additional nonpersonal information, more accessible personal data, the ability to transfer personal data from one service provider to another easily (data portability), a right to be forgotten, and data protection by design and by default. These rules apply to all foreign companies and entities that are active in EU market and offer their services to EU citizens, and there are heavy sanctions for any violations, that can total up to 4% of annual global turnover. Blockchain technologies can help companies fall in line with GDPR directives. Pseudonymization is built into the blockchain, as all the data in a blockchain is encrypted and undersigned with the users' digital signatures...
The Effect Of GDPR On Blockchain And Cryptocurrency Services
The European Union (EU) General Data Protection Regulation (GDPR) is a law designed to enhance the protection of personal data and give individuals greater control over their own data. While the law applies to individuals and personal data resident in the EU, many organizations and services are taking the opportunity to revise their policies and practices for all users. As the GDPR comes into effect today, May 25, 2018, many cryptocurrency service providers have made changes to bring their policies and practices into compliance. A key objective of the GDPR empowers individuals (or data subjects) with various rights. Some of these rights align well with blockchain technology. For example, the GDPR includes a right to information, giving individuals the right to request how their personal data is being shared and processed. The right to access is also a step towards greater transparency, as it allows individuals the opportunity to view their own personal data that has been collected by an organization or service. IBM has released a white paper outlining some key ways that blockchain technology can be used to support the goals of GDPR and enhance compliance. However, the GDPR also enforces the right to be forgotten, which provides individual data subjects with a right to request the deletion of personal data. Immutability is a core feature of blockchain technology, and without a central authority to oversee the erasure of any personal data, this part of the GDPR presents a considerable challenge for any open blockchain network that has stored personal data on the blockchain. Andries Van Humbeeck, Blockchain consultant for TheLedger.be, highlights this potential clash between GDPR and the blockchain: And here is...
How To Deploy Blockchain Tech For GDPR Compliance
As companies look for solutions, Armin Ebrahimi, CEO of ShoCard, shares with The Paypers ways to deploy blockchain to enable businesses to meet GDPR compliance. Enforcement of the EU's General Data Protection Regulation (GDPR) is approaching quickly. On May 25, 2018, any company, foreign or domestic, that processes the personal data of EU inhabitants is expected to have solutions in place to meet the regulation's requirements. The GDPR is designed to give prospects, customers, contractors, employees, etc., more power over their data and less power to the organizations that collect and use it for monetary gain. However, decentralized solutions based on blockchain technology are innovating how data is collected, stored and distributed, and these solutions provide options not available through traditional data protection methods. Blockchain technology enables the actualization of completely digital identities, allowing for the concept of Bring Your Own ID (BYOID) to gain traction and adoption. Staring down the new GDPR requirements and the social and business pressures to not become the next Equifax, companies are searching for innovative solutions to put themselves ahead of the curve when it comes to protecting the data of their clients, customers and users. The public is also putting much of this pressure on enterprises, searching for a way to gain more control over their own data. If a solution that allows them to control their own data is available, why should they entrust its protection to companies vulnerable to hacks? A blockchain identity management (IM) system uses public/private key encryption and data hashing to safely verify data via the blockchain. A person's identity and data are stored on their device, and the...
What Does The EU's GDPR Mean For Blockchain?
Thomas Delahunty | April 6, 2018 | 1:32 am
Generally we know that blockchain technology underpins cryptocurrencies, and there are many organizations using the technology for a myriad of other applications: executing contracts, modernizing land registries, even providing new systems for identity management. But there's a small problem on the horizon. According to a post today from Washington, DC-based think tank Coin Center, blockchain technology may be fundamentally incompatible with Europe's new privacy laws that will come into effect in May of this year. The General Data Protection Regulation (GDPR) will take effect on May 25th, under the new rule companies will be required to completely erase the personal data of any EU citizen who requests that they do so. The problem is that with blockchain, a complete erasure of any stored personal data might not be possible, experts told The Verge. "Modifying data on a blockchain is very hard," Oxford Law lecturer Michèle Finck told The Verge, "If you were to delete or modify data from the blockchain to comply with the GDPR's rights to amendment or the right to be forgotten, you wouldn't just change that piece of data, but the hash of the block containing the data and of all subsequent blocks." Finck continued, "I think it's safe to say that currently, most blockchains are incompatible with the GDPR, especially permissionless blockchains." She said that although some blockchain projects are currently thinking about applications that would be GDPR-compliant, the problem is that there are so many points of tension, way beyond the right [for personal data] to be forgotten. By their very nature, transactions on a blockchain ar...
Blockchain Data Protection Law | Deloitte Legal Deutschland
Blockchain applications are currently amongst the most discussed topics when it comes to the precursors of the fourth industrial revolution. Within the global Deloitte network, the Deloitte Blockchain Institute was founded in order to analyze and consult on the technical and economic potentials and risks of blockchain applications for sector-specific industries (e.g. telecommunications or media). The following article deals with blockchain applications from the perspective of data protection law, in particular the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation - "GDPR"), which will enter into force in May 2018. In addition to an approximation to the term blockchain (cf. section I.), the main question addressed by this article is, to what extent this technology will impact on those areas of life that have been traditionally regulated by analogue law and institutions (cf. section II.). Finally, the potential of blockchain is briefly addressed as an instrument of data protection (cf. section III.) and explains the extent to which data protection law may create certain boundaries to potential applications of blockchain technology (cf. section IV.). As the term already suggests, one of the essential characteristics of a blockchain is the concatenation of blocks. More specifically, such blocks are comprised of a certain number of cumulative records, the contents of which are interconnected in such manner that each subsequent block contains a cryptographic image of the previous block. Thus it can be ensured that data cannot be manipulated unrecognized after the respective data has been entered into a block, completed and "attached" to a subsequent blo...
How Does The EU's GDPR Apply To Hashed Data On The Blockchain?
Despite blockchain's superior technical capacity for data privacy and security, lack of control over personal data is a major issue for the many companies subject to the EU's new digital data privacy law, the General Data Protection Regulation (GDPR), which comes into effect May 2018. In May 2015, the European Commission published its Digital Single Market strategy, designed to produce a seamless commercial market across national borders to improve online access to goods and services, set a level playing field for competing firms, and spur economic growth. As part of this regulatory harmonization, the EU adopted the GDPR to facilitate net neutrality, cloud computing, access to big data and protection of citizens' personal data. Traditionally, Europe has followed stricter standards of data privacy than their American counterparts who often place a stronger emphasis on free expression and access to information. The GDPR focuses on digital identity governance, to give citizens more control of their personal data, limit the scope of lawful data processing by data controllers and enforce 1) a right to erasure of data, aka the right to be forgotten, 2) a right to data portability, and 3) a right to consent to uses of one's personal data. Enter blockchain, dubbed data protection by design and default in which data is either two-way encrypted, so as to be unreadable without a private key, or hashed in one direction. Blockchain hashing is very important for commercial functions like automated cross-border authentication of documents that do not contain personally identifiable information. But what happens when personal data is being processed in a blockchain? The GDPR does not apply to anonymized data that cannot be traced...
How Blockchain Tech Can Facilitate GDPR Compliance
Posted on March 8, 2018 at March 7, 2018 by Armin Ebrahimi
The Role of BYOID in Meeting Requirements
With the deadline fast approaching to have solutions in place that comply with GDPR regulations, it's predicted that 80 percent of companies won't be ready. Blockchain technology offers a new, innovative and purpose-built way to meet the regulation's requirements. Here's what you need to know about blockchain-based identity management, BYOID and how they address the same principles and goals of GDPR. The blockchain, the technology behind Bitcoin and cryptocurrency in general, has far-reaching applications. The underlying capabilities of the blockchain, that of a decentralized, immutable ledger, can be applied to multiple industries to protect data and identify information of users and companies and to meet compliance standards. With the enforcement of the EU's General Data Protection Regulation (GDPR) beginning on May 25, 2018, all companies processing or handling the personal data of persons residing in the EU, including U.S.-based companies, are searching for data-handling solutions that find innovative ways to comply with the new regulations. The GDPR is designed to give people more power over their own data, giving less to the organizations that collect and use it for monetary gain. Blockchain-based identity management enables the concept of bring your own identity, or BYOID, which aims to accomplish much of the same things as GDPR: giving back to users control over their data.
Predicted to Fail, Companies Search for Solutions
Because the legislation is so new, companies are still exploring what it will mean to be GDPR compliant. Forrester recently predicted that 80 p...