Finding a GDPR solution in the blockchain

With the implementation of the General Data Protection Regulation, we are entering a new era emphasising data security and customer control over personal information.

GDPR gives customers the right to compel businesses to delete any trace of their information from company servers (known as the right to be forgotten) and creates real incentives for more secure storage and handling of personal data.

Any company that handles the data of a single European citizen must comply with GDPR or incur incredibly costly fines that begin at €10 million for minor infractions. The scope of the legislation is not limited strictly to Europe, but rather to any business or service that welcomes EU citizens as users – a welcome development, given that the proliferation of major breaches of business databases occurs on a global scale.

The threat of data breaches is a pressing matter that companies need to address – in the past year alone, we’ve seen even those businesses initially thought to be ‘too big to fail’ face the catastrophic consequences of being compromised: from Equifax to Facebook, it’s become increasingly clear that this mentality is broken.

Between the threat of such breaches and the substantial penalties of contravening GDPR rules, businesses should be highly motivated to find new security solutions that eliminate the vulnerabilities associated with centralised databases. A large part of the issue, when dealing with the incumbent infrastructure, is that troves of personal user information are held by a single entity. This creates a highly lucrative target for hackers or other malicious parties (whether inside or outside of the company) to breach company servers, siphoning valuable information for resale or for use to fraudulent ends.

I’m a firm believer in the potential of blockchain technology to mitigate such risks. Using decentralised ledgers and zero-knowledge storage, a system can be created that allows customers to regain full control their personal information, revealing only what they choose to. With a blockchain-based system, the individual (and the individual alone) has the power to unlock their data (think of it as a private, encrypted cloud). There is no need to share the data in the first place, as the information and transactions can simply be verified using attestations on the distributed network.

Ultimately, blockchain technology can eliminate a host of data storage problems for businesses, because the blockchain makes it possible for companies to enter into transactions with customers without having to store sensitive user data within their systems. If companies aren’t storing user data in the first place, it can’t be stolen from them in a breach and they can’t run afoul of GDPR rules.

Not only does this free businesses from worries about data security, it frees up their time and resources to focus on other things, allowing them to focus on their core business, pursue innovation and take advantage of opportunities. From the user side, it offers peace of mind and empowers customers to conduct transactions with confidence.

We have only begun to scratch the surface of the possibilities for blockchain technology. It’s time to embrace the data security solutions that the blockchain can offer.



By Alastair Johnson , CEO, Nuggets

PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.

For more information on upcoming events, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.