The General Data Protection Regulation (GDPR) is a data protection law that was recently adopted by the European Union (EU). Its main objective is to meet the personal privacy needs of individuals (EU citizens).

The law gives certain rights to users, which include:

  1. The right to be forgotten.
  2. The right to data portability.
  3. The right to access information relating to you.
  4. The right to compel companies to edit, correct, or change data about you.

The law effectively gives control of personal information back to the person who owns it, rather than the company that stores it. So companies no longer have control over a user's personal information.

According to industry experts, the General Data Protection Regulation will have a significant impact on the tech industry. According to the IAPP (International Association of Privacy Professionals), it will create more than 75,000 data protection officers (DPOs) in the privacy industry.

The same report also found that well-known companies, such as Fortune 500 companies, will spend around US$8 billion to ensure their businesses are GDPR compliant.

The Importance of GDPR Compliance for Tech Companies

What does this mean? These tech companies are taking this seriously and want to comply with the law. The EU could impose large fines if companies fail to comply with the General Data Protection Regulation.

But is it possible for these companies to use blockchain and remain GDPR compliant?

We will consider the answer to this question in the following sections.

Even though the General Data Protection Regulation is a law adopted only by the EU, it is not limited to EU-based companies. Any company that uses the personal data of an EU citizen to provide services also falls within the scope of the General Data Protection Regulation.

Why Do GDPR and Blockchain Contradict Each Other?

A blockchain is an immutable ledger, that is, a record that cannot be changed. The General Data Protection Regulation, however, is a law that allows people to change any personal data they want. These two requirements contradict each other.

This is why there is so much discussion about the impact of the General Data Protection Regulation on blockchain, and whether this regulation could become a serious obstacle to the rapid growth of blockchain.

When the General Data Protection Regulation was originally developed in 2012, it was designed for social media and cloud services to give users control over how their personal information is used on these platforms.

This means that blockchain is not the main target of the new law. However, since blockchain stores personal data as well as personal transaction history, it is now subject to the General Data Protection Regulation and to all applicable laws under its legal framework.

This could force companies to reassess whether the blockchain they plan to adopt in the near future is GDPR compliant.

The problem here is that even if a particular blockchain is found to be in violation of this regulation, who will auditors hold responsible for data protection in a purely decentralized blockchain system?

This makes the relationship between the regulation and blockchain a bit complicated.

Could GDPR Stop Blockchain from Going Mainstream?

This is still a hotly debated topic. However, blockchain users need not worry. The more popular view now is that blockchain can actually help companies comply with the General Regulation.

The sole purpose of the General Regulation is to ensure that companies and tech giants handle user-related information in a more transparent and structured way. And when it comes to data transparency, blockchain offers exactly the same thing.

In fact, the General Data Protection Regulation and blockchain have much in common. Both the technology and the law focus on the same thing: decentralizing control over data.

However, there are still many unanswered questions and legal debates regarding this matter.

Will the General Data Protection Regulation prevent blockchain from going mainstream? This seems unlikely, as blockchain technology is evolving and will likely adapt to the requirements of GDPR.

There are already people working on theories and methods that can help blockchain avoid actual conflict with data protection rights, which we will discuss in detail in a later section.

While there are many optimists in the tech industry who believe that blockchain will find a way to fit within the General Data Protection Regulation, there are also some pessimists.

For example, David Gerard, a popular writer on blockchain technologies, argues that blockchain can no longer be used for personal data under the General Regulation.

Fortunately, what David Gerard believes is not a popular opinion. Most tech experts agree that blockchain needs new ways, a better and more innovative approach, and different applications and components of blockchain that can help blockchain comply with the rules of the General Data Protection Regulation.

Blockchain and the "Right to Be Forgotten"

The General Regulation and blockchain go hand in hand when it comes to structuring users’ personal information in the best possible way. However, there is one fundamental conflict between them: the right to be forgotten.

The right under the General Data Protection Regulation allows users to ask organizations to delete all their personal data. However, blockchain is immutable, meaning you cannot edit or delete any information once it is added to the blockchain.

Tech experts believe that there are many solutions that can solve this problem.

First, blockchain can encrypt each user's personal information. When a user requests deletion of their personal information, the encryption key is forgotten or deleted, and the data becomes inaccessible. In the case of blockchain, this means that the encrypted data stays on the chain but is no longer accessible and cannot be recovered.

For some experts, this amounts to deletion, as is the case under the UK Data Protection Act. However, the issue may be open to legal debate, as there are techniques, such as quantum computing, that can break encryption.

Is It Possible to Delete Data from a Public Blockchain?

In theory, it is possible. However, blockchain data is available on many machines (nodes) in the network, and it is almost impossible to ask each machine to delete the data. That is why it is called an immutable ledger.

If you delete data from the public network, it breaks the chain, which makes the entire blockchain useless.

There is also a process called forking. In this method, nodes change the data they store, moving to a new version of the blockchain. In this process, you can delete data from a previous block, but it breaks the hash pointers between blocks. The blockchain then needs to rehash the blocks, updating the links.

However, this is possible and easier in a closed system with a limited number of local machines or nodes where the information is available. In an open system, it is almost impossible to link every node.
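
The two erasure approaches described above (deleting the encryption key, and editing a block and then rehashing) compared on a toy hash chain. This is an added example, not code from the original article; the block layout, the function names and the HMAC-based keystream (a standard-library stand-in for a real cipher such as AES-GCM) are assumptions.

```python
import hashlib, hmac, os

GENESIS = "0" * 64

def xor_stream(key, nonce, data):
    # Assumed stand-in for AES-GCM: HMAC-SHA256 counter-mode keystream (stdlib only).
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], pad))
    return bytes(out)

def block_hash(prev, payload):
    return hashlib.sha256(prev.encode() + payload).hexdigest()

def append(chain, payload):
    prev = chain[-1]["hash"] if chain else GENESIS
    chain.append({"prev": prev, "payload": payload, "hash": block_hash(prev, payload)})

def first_broken(chain):
    # Index of the first block whose hash or back-pointer fails, else None.
    prev = GENESIS
    for i, b in enumerate(chain):
        if b["prev"] != prev or b["hash"] != block_hash(prev, b["payload"]):
            return i
        prev = b["hash"]
    return None

def rehash_from(chain, start):
    # What a fork has to do after an edit: recompute every later link.
    for i in range(start, len(chain)):
        prev = chain[i - 1]["hash"] if i else GENESIS
        chain[i].update(prev=prev, hash=block_hash(prev, chain[i]["payload"]))

def demo():
    chain, keys = [], {}          # keys live off-chain; the records are constructed
    for user in ("alice", "bob", "carol"):
        key, nonce = os.urandom(32), os.urandom(12)
        keys[user] = (len(chain), key)
        append(chain, nonce + xor_stream(key, nonce, f"{user}@example.org".encode()))
    idx, key = keys["alice"]
    readable = xor_stream(key, chain[idx]["payload"][:12], chain[idx]["payload"][12:])
    old_head = chain[-1]["hash"]
    del keys["bob"]               # erasure by key deletion: the chain is untouched
    after_shred = first_broken(chain)
    chain[1]["payload"] = b""     # erasure by editing the block itself
    after_edit = first_broken(chain)
    rehash_from(chain, 1)
    return readable, after_shred, after_edit, first_broken(chain), chain[-1]["hash"] != old_head
```

Key deletion leaves every node's copy verifiable, while the in-place edit only verifies again after a rehash that changes the head hash, so nodes still holding the old head are on a different version of the chain.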

Compliance of Blockchain with the General Data Protection Regulation (GDPR)

In its current popular form, blockchain is not compliant with the General Data Protection Regulation. Information stored on an open network cannot be deleted, meaning you cannot grant users the right to delete or edit their information.

Many believe that using a blockchain that stores only completely anonymous data is the best way to avoid or comply with the General Data Protection Regulation.

Experts believe that creating a private blockchain rather than an open blockchain could make it compliant with the General Data Protection Regulation. A private or permissioned system, also called a closed system, does not use public nodes to store data. Instead, it stores information on local machines, making it easier to delete information at someone’s request.

Final Words

The General Data Protection Regulation and blockchain both offer benefits for end users and ensure data protection. However, the Right to be Forgotten under the GDPR puts this new law in direct conflict with blockchain technology.

The good news is that there are ways to keep blockchain GDPR compliant. Solutions such as encrypted data deletion, private blockchains, and off-chain storage are being explored to bridge the gap between blockchain technology and GDPR requirements.

While legal debates are still ongoing, technologists, business managers, and lawyers must collaborate to find ways to overcome the legal challenges that blockchain now faces.