What is GDPR and How Will it Affect Blockchain Related Services?

A new regulation came into effect in May 2018, and although the measure is based in the European Union, it can have repercussions for the Blockchain industry worldwide.

What Is The GDPR?

The General Data Protection Regulation (GDPR) is a broad and rigorous legal framework of the European Union (EU) for the privacy of personal data, which became effective on May 25. This framework will radically transform the business of any digital company. The International Association of Privacy Practitioners (IAPP) projects that at least some 75,000 privacy jobs will be created as a result, and that companies on the successful Fortune Global 500 list will invest close to $ 8 billion, to ensure they are compatible with the GDPR. But how will all this affect the Blockchain industry?

The objectives of the GDPR are: to create a framework for uniform data regulation within Europe, and to reinforce the control of individuals over the storage and use of their personal data. It was adopted in 2016, and after a transition period of two years, it is already in force.

The GDPR introduces new procedural and organizational obligations for “data processors” – including business entities, as well as public entities, and gives more rights to the “holders of the data” – a term used for individuals.

Public and private organizations, when left to their own devices, tend to accumulate data, even before knowing what they are going to do with them, a kind of “gold rush” in the acquisition of personal data. The GDPR goes against this habit, specifying that data processors should not gather information beyond what is directly useful for their immediate interaction with consumers. In fact, data collection must be “adequate, relevant and limited to the minimum necessary in relation to the purposes for which it is processed” (Article 39 of the GDPR).

In addition to establishing what is allowed or not, the GDPR also specifies the organizational guidelines that data processors will have to adopt from now on. For example, your technology architecture will have to delete the consumer's data after using them; “privacy by design”.

And What About Blockchain?

“Some blockchains, as they are currently designed, are incompatible with GDPR.” The statement, made by Michele Finck, an EU Law Professor at the University of Oxford and probably the author of some of the most influential papers on this issue, put on the table one of the problems facing this technology, a few days after the entry into force of European data protection regulations.

In the case of the blockchain infrastructure, it is distributed and based on a protocol. In contrast to the centralized option, in which there is a central server that services and stores the data, decentralized networks that offer this computing power do not know each other, they simply join a protocol.

In the case of Bitcoin (BTC), for example, this role is played by the well-known miners who decide to put their servers and synchronize them with others to compete while they enable that blockchain that supports a single application (in this case, bitcoin). The first one to calculate and mine the hash of the block, takes the coin or the prize. For example, from the GDPR point of view, they are limited to synchronizing and hyper-replicating the information.

Although it is not simple, there are always different solutions which are being developed especially for private blockchain in many terms, although for public ones, such as the one supported by Bitcoin, there does not seem to be any possibility of adapting or modifying the technology. But it is not so clear that GDPR can be applied to this type of cryptocurrency.