CryptoCoinsInfoClub.com

Blockchain Gdpr Compliance

Blockchain Is On A Collision Course With Eu Privacy Law

Blockchain Is On A Collision Course With Eu Privacy Law

Blockchain is on a collision course with EU privacy law Those who have heard of blockchain technology generally know it as the underpinning of the Bitcoin virtual currency, but there are myriad organizations planning different kinds of applications for it: executing contracts , modernizing land registries , even providing new systems for identity management . Theres one huge problem on the horizon, though: European privacy law. The blocs General Data Protection law, which will come into effect in a few months time, says people must be able to demand that their personal data is rectified or deleted under many circumstances. A blockchain is essentially a growing, shared record of past activity thats distributed across many computers, and the whole point is that this chain of transactions (or other fragments of information) is in practice unchangeable this is what ensures the reliability of the information stored in the blockchain. For blockchain projects that involve the storage of personal data, these two facts do not mix well. And with sanctions for flouting the GDPR including fines of up to 20 million or 4 percent of global revenues, many businesses may find the ultra-buzzy blockchain trend a lot less palatable than they first thought. [The GDPR] is agnostic about which specific technology is used for the processing, but it introduces a mandatory obligation for data controllers to apply the principle of data protection by design, said Jan Philipp Albrecht, the member of the European Parliament who shepherded the GDPR through the legislative process. This means for example that the data subjects rights can be easily exercised, including the right to deletion of data when it is no longer needed. This is where blockchain applications will run into problems and will proba Continue reading >>

Gdpr And Blockchain: Is The New Eu Data Protection Regulation A Threat Or An Incentive?

Gdpr And Blockchain: Is The New Eu Data Protection Regulation A Threat Or An Incentive?

GDPR and Blockchain: Is the New EU Data Protection Regulation a Threat or an Incentive? New European data protection regulation to trigger even more blockchain innovation. The General Data Protection Regulation (GDPR) , a sweeping and stringent European Union (EU) wide legal framework for personal data privacy, became effective on May 25. Ready or not, this framework is going to drastically transform the business of any digital venture. The International Association of Privacy Professionals (IAPP) forecast that at least 75,000 privacy jobs will be created as a result, and that Fortune's Global 500 companies will spend close to $8 bln in order to ensure they are compliant with the GDPR . But what does this mean for the blockchain? The GDPRs goals are: to create a uniform data regulation framework within Europe, and to strengthen individuals control over the storage and use of their personal data. It was adopted in 2016 , and after a two-year transition period, is now in force. The GDPR introduces new procedural and organizational obligations for "data processors" - including corporate as well as public entities, and gives more rights to data subjects - the term it uses for individuals. Public and private organizations, when left to themselves, tend to accumulate data even before knowing what they will do with it, sort of "gold rush" in personal data acquisition. The GDPR goes against this habit by specifying that data processors should not collect data beyond what is directly useful to their immediate interaction with consumers. In effect, the data harvest should be adequate, relevant and limited to the minimum necessary in relation to the purposes for which they are processed (Article 39 of the GDPR). Besides setting out what is or isnt allowed, the GDPR also specifies Continue reading >>

Blockchain And Gdpr: Between A Block And A Hard Place

Blockchain And Gdpr: Between A Block And A Hard Place

Home News Blockchain and GDPR: Between a Block and a Blockchain and GDPR: Between a Block and a Hard Place Blockchain and other emerging distributed ledger technologies offer the promise of increased security, transparency and resilience based on the use of distributed, immutable records. At the same time, the European Union General Data Protection Regulation ( GDPR ), which takes effect May 25, 2018, governs the use and protection of personal data collected from or about any European Union resident. Personal data is defined very broadly and includes any information relating to an identified or identifiable natural person. Under current EU legal interpretations, this includes encrypted or hashed personal data, as well as public cryptographic keys that can be tied to a private individual. The penalties for failing to comply with the GDPR are harsh including fines of up to the greater of 20 million or 4 percent of a companys annual worldwide revenue. The GDPR: Centralized, Restricted and Removable The GDPR was developed based on an assumption that collected personal data would be controlled by an identifiable data controller and processed by the data controller or by a finite number of identifiable data processors and sub-processors. In order to protect the use of personal data, data controllers and processors must control who accesses the personal data, where and to whom it is transferred, and by whom it is accessed. The GDPR gives EU residents enforceable rights with respect to their personal data, including: the right to erasure of personal data when the personal data is no longer needed for the purpose for which it was collected, when the individual withdraws consent, or when continued processing of the data is unlawful; the right to require correction of incorrect d Continue reading >>

The Role Of Blockchain In Gdpr Compliance

The Role Of Blockchain In Gdpr Compliance

The role of blockchain in GDPR compliance The role of blockchain in GDPR compliance Can blockchain be the key to helping your business conquer GDPR? GDPRs recent entering into force is a breath of fresh air for consumers (once the seemingly endless stream of updated privacy policy emails dries up). The legislation has been anticipated for years, but its implementation is welcome now more than ever, in the wake of data breaches like those carried out on Equifax or Facebook. Want to know more about GDPR? Check out our GDPR guide here GDPR is empowering users where their data is concerned. As well as requiring companies to beef up their security and handling of any user information, it allows individuals to request the purging of their information from company databases. Its an excellent step in the right direction recognising rights that consumers should have had for a long time. It imposes steep fines on the companies that fail to adhere to strict standards. One of the downsides that critics have been quick to point out is the capacity of smaller businesses to implement the changes necessitated by GDPR. Whilst large companies will find it easy to invest in updating their policies and tweaking their infrastructure to reflect the changes in regulation, smaller ones will struggle, and may not have the funds or skills to safely protect user data (a fine of 20 million could spell the end for such businesses). I believe blockchain technology can help, not only for smaller businesses, but for large ones as well. Blockchain technology is the ideal match for GDPR on one hand, rights are protected by legislation, and on the other, theyre secured by technological advances. With this emerging technology, companies no longer need to store customer information in easily-targetable da Continue reading >>

Blockchain Technology May Not Be The Best Solution For Gdpr Compliance

Blockchain Technology May Not Be The Best Solution For Gdpr Compliance

Blockchain technology may not be the best solution for GDPR compliance Use commas to separate multiple email addresses GDPR deadline looms: The price and penalties | Salted Hash Ep 20 (13:48) With the General Data Protection Regulation (GDPR) deadline fast approaching, host Steve Ragan explores the implications of noncompliance for companies -- and possible penalties -- with Greg Reber, founder/CEO of AsTech Consulting. GDPR deadline looms: The price and penalties | Salted Hash Ep 20(13:48) Despite facing attacks from Chinese regulators and even Jamie Dimon last month, Bitcoin has never been more popular. In fact, a single bitcoin is currently valued at over $5,000 and rising up from roughly $630 at this point last year.Part of the cryptocurrencys appeal can be traced to its use of blockchain, a decentralized ledger technology that anonymizes person-to-person transactions and updates client transactions and balances without going through a bank or other centralized authority. This helps ensure that transactions are not only anonymous, but difficult to taint or tamper. Many companiesincluding those in the financial industryare exploring new ways to incorporate this into day-to-day business activities. Companies such as NASDAQ, Bank of America, and Goldman Sachs, for example, have already filed patents that apply blockchain technology towards day-to-day financial tasks. Some of these patents, for example, apply blockchain principles to creating audit-friendly backup databases for financial documents , streamlining securities settlements , and creating buyer & seller aliases to anonymize person-to-person payments . [ Learn how to protect PII under GDPR . | Get the latest from CSO by signing up for our newsletters . ] Can companies also use blockchain technology to meet th Continue reading >>

Blockchain Technology Is On A Collision Course With Eu Privacy Law

Blockchain Technology Is On A Collision Course With Eu Privacy Law

Blockchain technology is on a collision course with EU privacy law Those who have heard of "blockchain" technology generally know it as the underpinning of the Bitcoin virtual currency, but there are myriad organizations planning different kinds of applications for it: executing contracts , modernizing land registries , even providing new systems for identity management . There's one huge problem on the horizon, though: European privacy law. The bloc's General Data Protection law, which will come into effect in a few months' time, says people must be able to demand that their personal data is rectified or deleted under many circumstances. A blockchain is essentially a growing, shared record of past activity that's distributed across many computers, and the whole point is that this chain of transactions (or other fragments of information) is in practice unchangeable this is what ensures the reliability of the information stored in the blockchain. For blockchain projects that involve the storage of personal data, these two facts do not mix well. And with sanctions for flouting the GDPR including fines of up to 20 million or 4 percent of global revenues, many businesses may find the ultra-buzzy blockchain trend a lot less palatable than they first thought. "[The GDPR] is agnostic about which specific technology is used for the processing, but it introduces a mandatory obligation for data controllers to apply the principle of 'data protection by design'," said Jan Philipp Albrecht, the member of the European Parliament who shepherded the GDPR through the legislative process. "This means for example that the data subject's rights can be easily exercised, including the right to deletion of data when it is no longer needed. "This is where blockchain applications will run into Continue reading >>

#irms18 Can Blockchain Be Compliant With Gdpr?

#irms18 Can Blockchain Be Compliant With Gdpr?

#IRMS18 Can Blockchain be Compliant with GDPR? Speaking at the IRMS Conference in Brighton, Dyann Heward-Mills, CEO, HewardMills focused on emergence of Blockchain, and the need for GDPR compliance. She calledthe relationship between the regulation and distributed ledger critical as data protection officers need to understand its impact, how it sits with data subject rights and the Right to be Forgotten. Critical is the implementation of privacy by default and design with the technology, she said. When presented with a technology like Blockchain, what does a DPO do? Well you conduct your data protection impact assessment over the technology. She agreed that it is very robust and secure and unlikely to be encountering challenges regarding loss of personal data, but how does it sit with data retention? From a regulatory perspective, Heward-Mills acknowledged that there is no central regulation required, but is it desired? In terms of how GDPR applies to Blockchain, she asked the audience if encrypted data and metadata is still considered to be personal information? Where there are decentralized systems, how does the legislation actually apply? Is it still fit for purpose? Looking at the key principles, she rated Blockchain againstthe principles of Article Five of the GDPR: Processed lawfully, fairly and in transparent manner Not transparent due to encryption Collected for specified, explicit and legitimate purpose Arguably legitimate for authentication purposes Adequate, relevant and limited to what is necessary Not necessary, ledger exists forever Accurate and where necessary, kept up to date May not be accurate, and no way to delete it Identification for no longer than necessary Not necessary, ledger exists forever Processed in a manner that ensures its security Secure Continue reading >>

Why Blockchain Poses An Unusual Challenge For Gdpr Compliance

Why Blockchain Poses An Unusual Challenge For Gdpr Compliance

Why Blockchain Poses an Unusual Challenge for GDPR Compliance Many of GDPRs biggest mandates are fundamentally incompatible with blockchain technology. How can blockchain operators find common ground with the new regulation? By Gabrielle Orum Hernndez |May 25, 2018 at 08:00 AM Your article was successfully shared with the contacts you provided. With the deadline for those servingEU customers to prepare for the General Data Protection Regulation (GDPR) finally here, companies are tightening up information governance structures, sending out new privacy policy updates to consumers, and preparing for the regulations mandate that individual consumers be able to request the return and erasure of their personal data from big companies. Gabrielle Orum Hernndez is a reporter with Legaltech News and the Daily Report covering legal technology startups and vendors. She can be reached by email at [email protected], or on Twitter at @GMOrumHernandez. Devising a Disaster Recovery Plan: Key Considerations for Law Firms Disaster down-time could cost your law firm hundreds of thousands of dollars in revenue. This paper outlines key considerations and best practices to use in devising your disaster recovery plan. Vital Stats for Commercial Litigation & How Legal Analytics Helps You Strategize This infographic/data sheet combo provides a pulse on vital commercial litigation statistics today, and illustrates how you can predict the behavior of courts, judges, lawyers, and more. Brad Perry, Glenn O Brien and Scott Paster of Canon Discovery Services discuss industry trends, how firms and corporate counsel can thrive in the current environment, and the company s 30-year track record of solving lawyers challenges. With this subscription you will receive unlimited access to high quality, onlin Continue reading >>

Blockchains And The Gdpr

Blockchains And The Gdpr

The imminent entry into force of the EU General Data Protection Regulation (GDPR) coincides with pronounced hype surrounding blockchains as a new method of data storage and management. Blockchains and other forms of Distributed Ledger Technology (DLT) are an emergent technology that remains immature and only time will tell whether they are here to stay. Blockchains are currently being avidly experimented with in Europe and beyond. These replicated and tamper-proof databases provide new methods of data handling. Their characteristics contrast with those of centralized forms of data management that regulators had in mind when fashioning the GDPR. In a recent paper I examinewhether a technology based on the decentralized collection, management and storage of data can be compatible with the GDPR, which was fashioned for data silos. This question is of pivotal importance as, in light of its expansive geographical scope, the GDPR is not only relevant for blockchain projects in Europe but around the world. I conclude that a legal framework designed for a sphere of centralization cannot easily be applied to one of decentralization. The GDPR embraces a broad definition of personal data as any information relating to an identified or identifiable natural person, the data subject. Where data qualifies as personal data, it can only be processed subject to a number of conditions and data subjects derive specific substantive rights in respect of their data. Blockchains are essentially an append-only replicated database that is maintained by a consensus algorithm and stored on multiple nodes (computers). Data can be stored on blockchains in plain text or it can be encrypted or hashed to the chain. It is well-established that data that has been encrypted or hashed still qualifies as p Continue reading >>

Gdpr: A Stumbling Block For Blockchain Technology? | Mindtree

Gdpr: A Stumbling Block For Blockchain Technology? | Mindtree

These are interesting times. Around the world, new and emerging technologies are disrupting and transforming traditional trade practices. In Europe, a deadline is approaching (25 May 2018) for implementation of a new regulation on data protection that will contribute to this transformation for anyone doing business within the European Union (EU). The General Data Protection Regulation (GDPR), the European Parliament and the European Commission intend to strengthen data protection for all individuals within the EU. Non-compliance can lead to a fine of up to 4% of the annual global turnover of the organization. The GDPR includes a number of provisions affecting digital identity governance that provide individuals with control over their personal data. Key provisions are: Right to Consent: Individuals must provide consent before their personal data can be used, and they can revoke that consent at any time. Right to be Forgotten: Individuals can request erasure of any or all of their personal data Right to Portability: Individuals have the right to receive the personal data they previously provided to a processor in an easy-to-use digital format and transmit the data to another processor. Right of Data Minimization: A processor can use an individuals personal data only if it is necessary for the specific purpose. For example, using the minimum data required. GDPR compliance is a top priority for organizations in the EU. In addition, many organizations are keen to adopt the emerging blockchain technology. While there are benefits to both, blockchain technology has the potential to disrupt operating models when viewed in conjunction with GDPR compliance. Blockchain is a distributed database that maintains a continuously growing list of records which is called blocks. Each bl Continue reading >>

Achieving Gdpr Compliance And Data Privacy Using Blockchain Technology

Achieving Gdpr Compliance And Data Privacy Using Blockchain Technology

Achieving GDPR compliance and data privacy using blockchain technology CxOs, data engineers, programmers, and software developers A basic understanding of blockchain technology Learn how to use open source blockchain technologies such as Hyperledger to implement the European Union's General Data Protection Regulation (GDPR) regulation The General Data Protection Regulation (GDPR) is an EU regulation acting as a one-stop shop for all data privacy rules across the EU. GDPR governs all global entities dealing with EU citizens data in any form or shape. Ajay Mothukuri, Arunkumar Ramanatha, and Vijay Srinivas Agneeswaran explain how to use open source blockchain technologies such as Hyperledger to implement GDPR. GDPR aims to ensure the data privacy of EU citizens through a single set of rules for data protection, increased responsibility and accountability for those entities processing personal data, required notification of any data breaches in stipulated timelines, the pseudonymization of personal data in such a way that resulting data cannot be attributed to a specific data subject without use of additional nonpersonal information, more accessible personal data, the ability to transfer personal data from one service provider to another easily (data portability), a right to be forgotten, and data protection by design and by default. These rules apply to all foreign companies and entities that are active in EU market and offer their services to EU citizens, and there are heavy sanctions for any violations, that can total up to 4% of annual global turnover. Blockchain technologies can help companies fall in line with GDPR directives. Pseudonymization is built into the blockchain, as all the data in a blockchain is encrypted and undersigned with the users digital signatures Continue reading >>

How Does The Eus Gdpr Apply To Hashed Data On The Blockchain?

How Does The Eus Gdpr Apply To Hashed Data On The Blockchain?

How does the EUs GDPR apply to hashed data on the blockchain? Despite blockchains superior technical capacity for data privacy and security, lack of control over personal data is a major issue for the many companies subject to the EUs new digital data privacy lawthe General Data Protection Regulation (GDPR)which comes into effect May 2018. In May 2015, the European Commission published its Digital Single Market strategy, designed to produce a seamless commercial market across national borders to improve online access to goods and services, set a level playing field for competing firms, and spur economic growth. As part of this regulatory harmonization, the EU adopted the GDPR to facilitate net neutrality, cloud computing, access to big data and protection of citizens personal data. Traditionally, Europe has followed stricter standards of data privacy than their American counterparts who often place a stronger emphasis on free expression and access to information. The GDPR focuses on digital identity governance , to give citizens more control of their personal data, limit the scope of lawful data processing by data controllers and enforce 1) a right to erasure of data, aka the right to be forgotten, 2) a right to data portability, and 3) a right to consent to uses of ones personal data. Enter blockchain, dubbed data protection by design and default in which data is either two-way encrypted, so as to be unreadable without a private key, or hashed in one direction. Blockchain hashing is very important for commercial functions like automated cross-border authentication of documents that do not contain personally identifiable information. But what happens when personal data is being processed in a blockchain? The GDPR does not apply to anonymized data that cannot be traced Continue reading >>

Blockchain - Solution Or Obstacle For Gdpr Compliance? - Eu Gdpr Compliant

Blockchain - Solution Or Obstacle For Gdpr Compliance? - Eu Gdpr Compliant

in Compliance , Rights , Security by Laura Vegh 0 Comments Not long ago we discussed in an article the way we approach security will be changed by the GDPR. Today we will tackle a more sensitive subject in the area of security blockchains. But what exactly is blockchain? A simple definition, found on Wikipedia, states that a blockchain is a continuously growing list of records, called blocks, which are linked and secured using cryptography. There are a few main traits of blockchains that make them both a benefit and a challenge for data protection. First of all, blockchains are distributed and decentralized. Because of this, it is almost impossible to identify the person responsible for the data. Second, there is the fact that blockchains are public, which means that all information on the blockchain is accessible to everyone. Finally, blockchains are not editable, meaning you cant make changes to the personal data they contain. Now, if we go back and think about some of the requirements of the GDPR, we might start to see why the basic properties of blockchains can be both pros and cons for compliance, which we will discuss in the following paragraphs. Opinions surrounding blockchain are generally divided between those who believe its the best invention in terms of security and those who believe it wont work well with the GDPR. Some say data subjects rights are harder to guarantee using blockchain. Others believe this is a trend that could go away any time and with it all the personal data would be gone. The GDPR is essentially about data subjects rights. So the fact that blockchain protects identity by making data almost unidentifiable is at first sight a good thing. However, this is not the only right the GDPR focuses on. Other rights, such as the right to access, to Continue reading >>

How To Design A Gdpr-compliant Blockchain

How To Design A Gdpr-compliant Blockchain

How to design a GDPR-compliant blockchain Transform: The AI event of the year for growth marketers. Aug. 21 - 22 VB Summit: The best in AI. An invite-only executive event. Oct. 22 - 23 General Data Protection Regulation (GDPR), the farreaching personal data privacy regulationgoing into effect Friday,aims to give individuals more control over their personal information. Among otherrequirements,itestablishesthe right of erasure the rightof an individualto request that any personal data about them bepermanentlydeleted. This right, also known as the right to be forgotten, has caused somenotableheartachein the blockchain community, as it appears to go against one of thefundamentalunderlying tenets of blockchain: immutabilityofpostedinformation. So how do we reconcile this right with thestructuralelement of blockchain that essentially makes it impossible to deletedataonce itis enteredontothe chain? It appearsthat thereare only two leading viablesolutions given current technology: Convincingregulatorsthat erasure doesnt have to mean data is literally deleted and that making data permanently inaccessible without deletion should produce the same effect Figuring out a way to use blockchainwhilekeepingsensitive data off chain. The final workable solution might be some combination of the two. Hashing is one of the fundamental elements of blockchain and, in very abbreviated terms, means that data is transformed in such a way that it cannot be reverse-engineered into its original state. GDPRlimits the definition of personal data to information that is linked or could be linked to a specific person, with the understanding that if data is completely anonymized so that it cannot be re-linked to a person,even with additional external information, then it falls outsidethescope of persona Continue reading >>

Open Questions About Gdpr Compliance In The Context Of Blockchain Technologies

Open Questions About Gdpr Compliance In The Context Of Blockchain Technologies

Open Questions about GDPR Compliance in the Context of Blockchain Technologies New platforms and applications integrating blockchain technologies are emerging worldwide. At the same time we are about to face the deadline of the GDPR compliance adaption phase at the 24th May this year. While many properties of blockchain facilitate GDPR compliance, the Right to Erasure imposes a special challenge. When it comes to deletion of data, three kinds are accepted by the regulation: Physical deletion of data from the data carrier Logical deletion, respectively anonymisation of the data While destruction of all data carriers in a blockchain network is highly unlikely, physical deletion of data from a ledger is a complete contradiction to the design of the technology itself. So the only option which is left is logical deletion. Logical deletion of data in the context of blockchain can be enabled by exclusively uploading anonymous data to the ledger. However, the threshold for data to qualify as anonymised set by the European Commission is very high. In 2014, the Article 29 Working Party, provided guidance on the difference between pseudonymised and anonymised data in its Opinion 05/2014 (WP 216). The guidance states that anonymisation results from processing personal data in order to irreversibly prevent identification. Because hashing permits records to be linked, hashing will generally be considered a pseudonymisation technique, not an anonymisation technique. This high standard will continue to apply under the European General Data Protection Regulation 2016/679 (GDPR). From a mathematical point of view the reasoning hashing permits records to be linked is not correct, because hash functions are not invertible (not even injective) and therefore a linking is only possible from Continue reading >>

More in ethereum