As we edge ever closer to the implementation of the General Data Protection Regulation (GDPR) next month, it is becoming increasing apparent that blockchain technology is standing in a tenuous position. The GDPR plans to overhaul data protection regulations and redefine how organizations can process data on European Union data subjects.
In an attempt to increase data privacy, the GDPR mandates that companies need to have clear consent to not only hold data on their subjects but also to have the internal structure to report data breaches promptly. Companies that fail to do so will be subject to hefty fines. Fines can range from €20 million to four percent of a company’s annual revenue (depending on which is higher).
Given that blockchain technology is built to harbor data transactions, the GDPR is imposing its rules on data transfers via blockchain as well. Blockchain operates through an online immutable database, which is hosted, verified and controlled through a decentralized network. As a result of the GDPR data protection requirements, it is unlikely that an entire decentralized network will be able to adhere to the new regulations.
One of the fundamental principles of blockchain is that the user cannot delete data in any form. This is in direct violation of the GDPR, which asserts that individuals must have the right to change or delete their personal data. Therefore, organizations that use blockchain technology will be leaving themselves open to allegations of noncompliance with the legislation.
In addition to this limitation, it is also likely that even encrypted data will be constituted as personal data. This means that any personal data transferred through blockchain will be subject to the regulations of the GDPR. This raises concerns over the longevity of blockchain platforms and whether they can comply with these new requirements.
In the short term, the GDPR is a considerable barrier to adoption that has been placed on the marketplace. Companies may not be willing to invest in blockchain technology if they perceive there is a risk of non-compliance. Given the severity of fines many companies will make the decision to stay with traditional centralized databases.
However in the long term, blockchain technology has more than enough versatility to cope with the GDPR’s demands. New platforms are constantly emerging, and we can expect to see developers start to produce new blockchain platforms that are designed with GDPR compliance in mind.
Ultimately the massive potential of blockchain to redefine data transactions can only be slowed, not eliminated. Distributed ledger technology has the capacity to function under the GDPR. Sooner or later, blockchain providers will find ways to reconcile blockchain technology with the EU’s new privacy laws.