Will the New General Data Protection Regulations (“GDPR”) Be a Block in the Chain?

Yes, I know that I ooze wit, but seriously, on the 25 May 2018, the new GDPR will come into force, which replaces the current data protection regulations (irrespective of Brexit). The principle at the heart of the GDPR is that personal data can only be gathered under strict conditions for legitimate purposes. More importantly however, among other things, it gives people the “right to be forgotten.” With this in mind, how will the GDPR fit in with the blockchain? After all, isn’t the whole purpose of the blockchain to record the ownership of just about anything, by using a fully trustworthy peer-to-peer payment system, that provides a neutral, permanent, irrefutable, and more importantly, transparent, record of all transactions?  How can a data controller erase personal information on the blockchain?

It seems to me as organisations are forging ahead to be compliant by 2018, this new wide-ranging and challenging obligation needs a practical and universally agreed solution. Otherwise we are going to embark on a era of satellite litigation of what constitutes “reasonable steps” – against a backdrop of ever changing advancements in technology.

The solution may not rest with the lawyers alone (boo) – but a combination of legal drafting and a Blockchain platform which allows transactions/smart contracts to be created off-chain in stake channels, which protects people’s privacy.

We are in a strange new world. Who would have ever envisaged 20 years ago that lawyers (who are renowned technophobes – hence the reason why they became lawyers) and computer scientists (who love having to consider every analytical possibility when designing a code) would become ideal business partners …