GDPR and Blockchain: Is the New EU Data Protection Regulation a Threat or an Incentive?

The General Data Protection Regulation (GDPR), a sweeping and stringent European Union (EU) wide legal framework for personal data privacy, became effective on May 25. Ready or not, this framework is going to drastically transform the business of any digital venture. The International Association of Privacy Professionals (IAPP) forecast that at least 75,000 privacy jobs will be created as a result, and that Fortune's Global 500 companies will spend close to $8 bln in order to ensure they are compliant with the GDPR. But what does this mean for the blockchain?  

The GDPR’s goals are: to create a uniform data regulation framework within Europe, and to strengthen individuals’ control over the storage and use of their personal data. It was adopted in 2016, and after a two-year transition period, is now in force.

Obligations and rights

The GDPR introduces new procedural and organizational obligations for "data processors" - including corporate as well as public entities, and gives more rights to “data subjects” - the term it uses for individuals.

Public and private organizations, when left to themselves, tend to accumulate data even before knowing what they will do with it, sort of "gold rush" in personal data acquisition. The GDPR goes against this habit by specifying that data processors should not collect data beyond what is directly useful to their immediate interaction with consumers. In effect, the data harvest should be “adequate, relevant and limited to the minimum necessary in relation to the purposes for which they are processed” (Article 39 of the GDPR).

Besides setting out what is or isn’t allowed, the GDPR also specifies organizational guidelines that data processors will need to adopt from now on. For instance, their technological architecture will have to erase by default consumer data after using it - "privacy by design".

Secondly, any entity considered to be a “data nexus” will be required to have a Data Protection Officer (DPO) responsible for managing compliance with the GDPR. This DPO will be under the legal obligation to alert the supervisory authority whenever a risk to data subject's privacy arises (Article 33).

Source from CoinTelegraph.com

http://www.nicenic.net
ICANN & CNNIC & HKIRC Accredited Registrar
Shared Hosting & Dedicated Server Provider (HK)