Enforcement of the EU’s General Data Protection Regulation (GDPR) is approaching fast, officially affecting foreign and domestic companies starting on May 25. The legislation is meant to give EU citizens more power over their data and less power to the organisations using it to increase their own bottom lines.
For companies that want to comply fully with the regulation, GDPR’s approaching enforcement is incredibly stressful, and the true ramifications of the regulation won’t be known until enforcement begins.
Companies handling data on their users are expected to meet certain provisions, including “privacy by design” and “right to erasure” among others. There are solutions built to address these provisions: blockchain technology, when applied correctly, can provide the identity management solutions needed to ensure companies are not fined for not being GDPR ready.
Blockchain technology, as a public, distributed ledger, can help companies meet provisions of the GDPR when applied correctly to data and identity management. When applied to identity management (IM), blockchain technology revolutionises how data is collected, stored and distributed. IM solutions using this technology provide options not traditionally available through conventional data protection methods.
Specifically, blockchain IM systems use public/private key signatures, encryption and data hashing to safely verify data using the blockchain. This method inverts traditional data ownership, allowing a person’s identity and data to be stored on their device, rather than stored on a corporate central database. The blockchain is used as a public, immutable ledger to verify for third parties that the original data or certification has not been changed or misrepresented, but it contains no personal data on the user.
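The hashing step described above can be sketched as follows; this is an added example, not code from the article or from any vendor's product, and it leaves out the signature and encryption steps. Assumptions of the example: the `Ledger` class is a toy in-memory stand-in for a blockchain, the record fields are constructed sample data, and a random per-record salt is added so that low-entropy fields cannot be recovered from the ledger by guessing.

```python
import hashlib, hmac, json, secrets

def commitment(record: dict, salt: bytes) -> str:
    """Salted SHA-256 over a canonical JSON encoding of the record."""
    canonical = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(salt + canonical).hexdigest()

class Ledger:
    """Toy append-only ledger (assumption): each entry chains to the previous one."""
    def __init__(self):
        self.entries = []  # dicts with keys "prev", "commitment", "entry_hash"

    @staticmethod
    def _entry_hash(prev: str, commit: str) -> str:
        return hashlib.sha256((prev + commit).encode()).hexdigest()

    def append(self, commit: str) -> int:
        prev = self.entries[-1]["entry_hash"] if self.entries else "0" * 64
        self.entries.append({"prev": prev, "commitment": commit,
                             "entry_hash": self._entry_hash(prev, commit)})
        return len(self.entries) - 1

    def chain_intact(self) -> bool:
        """Recompute every link; any edited entry breaks the chain."""
        prev = "0" * 64
        for e in self.entries:
            if e["prev"] != prev or e["entry_hash"] != self._entry_hash(prev, e["commitment"]):
                return False
            prev = e["entry_hash"]
        return True

def verify(record: dict, salt: bytes, ledger: Ledger, index: int) -> bool:
    """Third-party check: does the presented record match the ledger entry?"""
    if not ledger.chain_intact() or not 0 <= index < len(ledger.entries):
        return False
    expected = ledger.entries[index]["commitment"]
    return hmac.compare_digest(commitment(record, salt), expected)

# Constructed sample data; the record and salt stay on the user's device.
record = {"name": "Alice Example", "dob": "1990-01-01", "document": "P0000000"}
salt = secrets.token_bytes(16)
ledger = Ledger()
idx = ledger.append(commitment(record, salt))  # only the hash is published

if __name__ == "__main__":
    print("original verifies:", verify(record, salt, ledger, idx))
    print("altered verifies:", verify({**record, "dob": "1991-01-01"}, salt, ledger, idx))
    print("PII on ledger:", "Alice" in str(ledger.entries))
```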
This method reduces the need to collect personally identifiable information (PII) on users, consumers, employees or anyone else associated with the organisation. With no PII to store, massive databases entrusted to an organisation’s cyber security capabilities will no longer exist. Incorporating blockchain-based IM into their products allows companies to meet the GDPR’s “privacy by design” provision.
Privacy by design encourages companies to begin the process of creating their products with the intent to keep data private, and blockchain-based IM, when incorporated into a product or service from the very beginning, puts privacy in the hands of the user, rather than the organisation. With user privacy at the core of these solutions’ data propositions, “privacy by design” standards are met and exceeded.
“Right to erasure” is also addressed through blockchain-based IM. The provision gives EU citizens the right to withdraw consent at any time, which presumes consent is required for specific actions. Any data held must have an audit trail. Using a blockchain-based IM system facilitates permission-based access of information, leaving an audit trail of consent on the blockchain.
Blockchain technology, when used to authenticate a user’s identity rather than store identifying information, can be an organisation’s biggest ally in meeting GDPR provisions.
The concept of inverting the ownership of PII gives more control to EU citizens, meeting the spirit of the law and giving us the opportunity to change the way we think about digital identity completely.
Sourced by Armin Ebrahimi, CEO and founder of ShoCard