Resources

17-05-2018

Careful, using blockchain could make you non-GDPR compliant

Processing your customer's data used to be pretty easy. It was just a case of adding their email, phone number and address into a spreadsheet and walah! You move on. With the General Data Protection Regulation coming into effect on May 25, things aren’t so simple anymore. This is even truer if you were considering joining the blockchain movement.



What is the GDPR?

GDPR, like blockchain, is all about empowering consumers & individuals over the business by giving them greater control over their personal data. It’s also about security. According to Business Insider UK, or organisations breached: “22% lost customers, 29% lost revenue, and 23% lost business opportunities.”

Companies now need to take greater care of how they handle their customer's data, who owns it, who has access to it and what can be done if they are breached. One solution some companies are exploring is the use of everyone’s favourite buzzword: blockchain.

What is a blockchain?

According to Don & Alex Tapscott, authors of Blockchain Revolution (2016), a blockchain is: “an incorruptible digital ledger of economic transactions that can be programmed to record not just financial transactions but virtually everything of value.”  

In other words, it’s a massive spreadsheet that is duplicated thousands of times across millions of computers (or however many are connected to the blockchain) that regularly updates itself. Because it is distributed the data is easily verifiable and highly secure.

How does this fit with the GDPR?

It doesn’t. The GDPR states people should have the means to ‘erase their data’ from company’s databases, and blockchain doesn’t have a centralised database for this information to be deleted. Deleting the data from a blockchain would actually break the chain, rendering the blockchain useless.

Blockchain removes the need for GDPR

Here’s the head twister. You can delete information from the blockchain by following a using your blockchain as an ‘access control medium’ whereby the blockchain acts as a verification tool rather than a database. This way companies and individuals can share data and know with certainty that their data hasn’t been tampered with or shared without permission.

This workaround is rather complex however and would require extensive input from the company. But if the cultural mindset is switching to a more transparent model, then we may see regulation adapting to technologies like blockchain as people demand greater control over their data through greater transparency, subsequently creating greater trust between business and consumer.


Author

Richard Heasman

Head of Marketing

Richard joined Kelly's in 2016 as Head of Marketing for Kelly's Storage Group. As a passionate marketer obsessed with innovation and digital journeys, Richard leads on the digital growth of the group.

Linked In