On May 25, the General Data Protection Regulation was brought into effect. A quick 101 about GDPR: its a comprehensive and rigorous European Union body that looks after personal data privacy. With such regulations at play, it goes without saying that it will certainly revolutionise how digital businesses function. As per a forecast by the International Association of Privacy Professionals, this regulation will resultantly create about 75,000 privacy jobs, and that about 500 companies listed on Fortune’s Global list will spend close to $8 billion to regulate their working as per the GDPR. Actually, the GDPR’s conception occurred in 2016, and after two years of rigorous transitions, it is finally here to stay.
The two main objectives of the GDPR are:
- To create a uniform data regulation framework within Europe
- To empower individuals regarding control over storage and use of their personal data
Obligations and rights
One of the chief introductory features of the GDPR is that it is creating certainly fixed protocols for “data processors” that include public as well as corporate entities. The goal is to provide more rights for individual users or “data subjects”.
Whether observing public organisations or private enterprises, it has been noted that both end up collecting data in a typical ’gold rush’, even without knowing what to do with this data. GDPR take a step against the specification of data processors, wherein processors have no need to collect data which surpasses the prerequisite and is directly useful for interactions with its customers. Article 39 of the GDPR states, data harvest needs to be “adequate, relevant and limited to the minimum necessary in relation to the purposes for which they are processed”.
Firstly, apart from demarcating the prohibitions, GDRP also administers organisational guidelines which data processors will have to act in accordance with here onwards. Secondly, all entities that qualify to be considered as a “data nexus” require to have a Data Protection Officer (DPO) who shall be responsible for managing conformity with the GDPR. As per Article 33, this DPO will be under the legal obligation to alert the supervisory authority whenever a risk to data subject’s privacy arises.
Blockchain and GDPR
The GDPR is believed to act a new-found boon of the Blockchain. Since both have several common goals, they are quite complimentary in nature to each other. Here’s are the common features between the two:
- Both aim at decentralizing data control
- Working toward tempering power inequality between centralized service providers
A highly promising prospect if the amalgamation of credible hardware and blockchains. Commonly, public blockchains replicate all the data and shares it with all machines in the network. Users fret over compromise of privacy and data deletion, which are very probable issues. To treat this problem, researchers are trying to figure a way for “trusted computing enclaves” like Intel SGX to provide secure and confidential data storage and privacy.
Associating public blockchains with trusted computing implies that data privacy can be ensured despite outside threats, with the blockchain acting as judge of who gets the access to that data. Since smart contracts mean no longer having to trust centralized service providers, data rights can be managed exclusively via the blockchain and trusted user hardware. There are several ongoing projects that are trying to twist the blockchain GDRP bane to boon. We hope that the future holds brighter avenues for this technology and a safer blockchain for the masses to participate in.