Could blockchain be the key to unlocking GDPR?

This article originally appeared in GDPR.report on 21st August 2017.

A looming deadline

Governments throughout the world are confronting the very real threat that large-scale data breaches pose, and are consequently tightening the laws around how personal data is recorded, stored, distributed and destroyed.

Despite garnering its fair share of column inches, there is still a general feeling of unpreparedness among businesses in Europe regarding the imminent enforcement of one such law: the General Data Protection Regulation (GDPR), coming into force in May 2018. In fact, the results of a recent IDC survey show that a staggering 78% of companies either lacked understanding about the impact of the regulation or were completely unaware of it.

This ‘head in the sand’ mentality could be costly for some. Once GDPR comes into force, organisations that fall foul of a data breach face potential fines of up to 4% of annual worldwide turnover or €20m, whichever is greater.

Mitigating the threat

So what can be done to mitigate the ever-increasing threat of data breach? For even those organisations that understand GDPR, few seem to know which products and solutions can protect them. To make things even more complicated many vendors seem to focus on how their solutions can help post-breach, rather than how they can help mitigate it. This is, after all, what such legislation is actually designed to do.

Complexity and volume

Digital transformation is a reality of doing business today. The complexity and volume of data will continue to rise and those that embrace it will succeed and flourish. However, it’s also time to rethink how businesses manage Personally Identifiable Information (PII) ahead of the GDPR coming into force.

Inward-looking, silo-oriented infrastructure that builds perimeters around a business’s key data assets to protect from external threats may have worked in the past – but now they only act to build barriers to them realising the true value of their data capital. Increasingly, employees will find workarounds to achieve their data sharing needs through ‘shadow IT’ – under the noses of the IT departments.

This presents businesses with a quandary, how can they protect their data so that they can avoid data breaches (and the resulting GDPR fines), whilst also being able to unlock the business value within?

Unlock the Blockchain

The answer is coming from an unexpected quarter: the public ledger technology on which the famous digital currency ‘Bitcoin’ is built, known as the blockchain. Blockchain verifies the validity of transactions to provide an effectively permanent, incorruptible and irreversible record, leaving no room for fraud.  That same distributed ledger technology (DLT), as it is more formally known, is now being developed for use in closed, permissioned groups to derive the consensus validation that the public blockchains rely on to maintain that integrity.

Some observers have hailed blockchain technology previously as a solution without a problem. But in the last few months, we’ve seen a surge of interest from a number of industries, with most of the world’s biggest banks admitting to undertaking ongoing trials, and a new breed of collaborative open-source platforms allowing the development of the technology outside of its cryptocurrency roots.

By developing private, permission-based blockchain solutions that determine who gets access to what data and when backed by that tight consensus-based cryptography, this technology can overcome the complex GDPR challenges like the ‘right to be forgotten’ and individual ownership of consent.

In my view, the ‘problem’ of a data breach in an increasingly decentralised world, and adhering to the tough new GDPR legislation, could be exactly where these new “enterprise” variants on the blockchain could really deliver a practical solution, unlocking those difficult issues.

Your most valuable asset

In an increasingly digital future, data is your enterprise’s most valuable asset. Those who succeed will be those who can confidently and efficiently leverage their data capital while complying with GDPR.

Those who continue to build walls will get left behind, and those who don’t do enough to protect their sensitive data could find themselves heavily punished. I believe that blockchain and its native capabilities addresses both concerns, and will become the foundations for best practice data governance in the ever-expanding new data culture.

By Ian Smith, Founder and CEO of Gospel Technology.