The new General Data Protection Regulation (GDPR) has caused quite a stir as there are some claims that the new GDPR regulations are incompatible with the Blockchain. At the moment, to a certain extent this is true; however, as the blockchain is a solution based architecture, there are ways that it can still coexist with GDPR regulations.
GDPR regulations incompatible with blockchain technology?
Currently, issues raised in regards to the compatibility between the two has come from the “right of erasure.” Anyone within the EU can request that any personal data held about them can be permanently deleted. This is also known as the “Right to be Forgotten” It is this issue that appears to be a flaw in the blockchain’s architecture.
Effectively, once data has entered onto the blockchain, it cannot be deleted. For blockchain gurus, finding a way to deal with this matter to create a GDPR compliant blockchain architecture has become the latest challenge.
One of the first obstacles European companies must overcome is convincing GDPR regulators that the deletion of data doesn’t actually mean deleting it. This would mean putting forward the notion that making data inaccessible is classed as the deletion of data.
The first solution – deletion of the encryption key
A solution that has been suggested is to delete the encryption key that allows access to an individual’s information. This would render their information unobtainable, and in effect, it would be lost in the Blockchain. There is an added benefit to this solution. One of the stipulations by GDPR means that deleting someone’s data entails removing all reference to their data on all backups, which applies to backup data stored offsite.
With the deletion of the encrypted key, there would be no need to delete backup up data, or it would just be a matter of removing the encrypted key from the archives. This creates a simple solution. Whether GDPR officials will buy this as a solution is remained to be seen.
The second solution – off-chain storage
Another solution that has been suggested is to keep data off the chain. The technology has already been discussed in detail at Researchgate.net. There are also some blockchain architectures already putting the notion of off-chain storage into action. One namely Liquidity Exchange that aims to offer companies and individuals that require off chain storage of information this very service.
Using an off-chain network may be counterintuitive when we consider the very reason the blockchain exists, but storing personal data off chain could be the compromise to ensure the blockchain and GDPR regulations can co-exist.
Off-chain storage would mean that companies or groups of companies could participate in the off-chain storage of personal data. When someone exacts their “Right to be Forgotten,” a form of hashing would be needed to make sure records are deleted. This solution would be to the determined of some features the Blockchain offers, but a worthy sacrifice for businesses that want to continue using the Blockchain.
At the moment, GDPR laws are only just coming into action. One thing is for sure, blockchain gurus are analytical, and the entire concept of the blockchain is to provide solutions. Expect plenty of new blockchain architectures to tackle the issue of GDPR regulations and come out with compliant blockchain systems for future coexistence between the two.