Blockchain and DLT Companies Offered Advice on GDPR Policy
Under the supervision of the European Commission, the European Union Blockchain Forum has given guidance and tips for distributed ledger technology companies on how to avoid GDPR breaches.
The official document created by ConsenSys, a blockchain software tech company, states that blockchain companies must first analyze whether their distributed ledger technology products create user value and loyalty, whether they rely on personal data, and whether it's necessary to store that data on blockchain platforms.
Since personal data is of great value in the data protection process, companies should use different tools to make personal information as anonymous as possible. Anonymity is one of the cores of blockchain technology, and many consider it one of the most important factors of the blockchain revolution. Without it, a plethora of security issues begin to arise as customer data loses a significant element of security.
General Data Protection Regulation and DLT
Cryptography offers different techniques to achieve this, including reversible encryption, hashing, and data obfuscation. Companies must first understand the risks associated with potential errors.
Reversal risk arises when a system reverses the process and reconstitutes the data, which is what happens in brute-force decryption. Linkability risk, on the other hand, arises when encrypted data can be linked to an individual by examining context patterns or by comparing it with other information.
Anonymous data isn't covered under the GDPR, but pseudonymized personal information, that is, administrative data that has been masked to secure its privacy, is regulated. Even if encryption is applied to personal data, it doesn't necessarily mean that the result is anonymous.
Moreover, if the data is decrypted, it will lead to reversal risk.
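The reversal and linkability risks described above can be shown on a hashed field with few possible values. This is an added example, not code from the ConsenSys document or the Forum; the birth-date field, record names and keys are constructed for illustration.

```python
import hashlib
import hmac
from datetime import date, timedelta

def plain_hash(value):
    """Unsalted SHA-256, as it might be written on-chain in place of the raw value."""
    return hashlib.sha256(value.encode()).hexdigest()

def keyed_hash(value, key):
    """HMAC-SHA-256 under a secret key that is held off-chain."""
    return hmac.new(key, value.encode(), hashlib.sha256).hexdigest()

def candidate_dates(start=date(1940, 1, 1), end=date(2010, 12, 31)):
    """Birth dates form a small domain that can be enumerated in full."""
    day = start
    while day <= end:
        yield day.isoformat()
        day += timedelta(days=1)

def reversal_check(digest, hash_fn=plain_hash):
    """Return the input that reproduces `digest` under hash_fn, or None."""
    for guess in candidate_dates():
        if hash_fn(guess) == digest:
            return guess
    return None

def linkable(ledger_a, ledger_b):
    """Digests present in both ledgers tie two records to the same value."""
    return set(ledger_a.values()) & set(ledger_b.values())

# Constructed sample data: one person's birth date recorded on two ledgers.
DOB = "1984-03-17"
KEY_A = b"constructed-key-ledger-A"   # hypothetical per-ledger secrets,
KEY_B = b"constructed-key-ledger-B"   # stored off-chain

if __name__ == "__main__":
    # Unsalted hash: reversible by enumeration, and linkable across ledgers.
    print(reversal_check(plain_hash(DOB)))
    print(len(linkable({"rec-1": plain_hash(DOB)}, {"acct-9": plain_hash(DOB)})))
    # Keyed hash: enumeration without the key finds nothing, and
    # different keys per ledger produce unrelated digests.
    print(reversal_check(keyed_hash(DOB, KEY_A)))
    print(len(linkable({"rec-1": keyed_hash(DOB, KEY_A)},
                       {"acct-9": keyed_hash(DOB, KEY_B)})))
```

Whoever holds the key can still recompute the keyed digest, so the result is pseudonymized rather than anonymous.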
The Forum advises companies to keep personal data off-chain or to rely on blockchain networks with explicit permission in order to avoid any kind of risk. It is very important to manage personal data carefully when combining private and public blockchain networks.
The erasure clause, identification, and obligations are very important considerations for data controllers and processors in order to avoid tension between the GDPR and blockchain companies. The Forum acknowledges that, by nature, GDPR-compliant blockchain technology does not exist, which is why it highlights the use of the technology rather than the technology itself.
This year, GDPR compliance has fostered a heated debate within the industry and has become the main objective for blockchain companies seeking to maintain their high standard of security.