Blockchains Can Be Compatible with GDPR

In a new study by the Queen Mary University of London and the University of Cambridge has determined that it is possible to create private blockchain applications that comply with European Union General Data Protection Regulation (GDPR) laws.

According to the study, it seems that GDPR poses as a difficult hurdle for companies in the EU that want to delve into blockchain for processing personal data. Currently, GDPR fines can run as high as £17m, or four per cent of global turnover, whichever is highest.  Despite the legal landmines that come with operating around GDPR, the study found that it is possible to design compliant blockchain applications.

The purpose of GDPR, is to give EU citizens authority over their personal data. The new law gives individuals the power over a company to alter or delete personal information. However, this poses a conundrum for the blockchain space as data can neither be changed nor removed in the blockchain due to its immutable nature. This puts many provisions in the legal structure in direct conflict with the fundamentals of the blockchain.

The study by the Queen Mary University of London and the University of Cambridge believe that they have found a way for blockchain to remain compliant with GDPR. The method would require companies to “delete” personal information on a private blockchain through encryption.

According to the official website of the Queen Mary University of London:

“Promising examples include encrypting entries and then deleting the relevant decryption keys – leaving only indecipherable data on-chain – or using so-called ‘off-chain’ storage models.”