Blockchain + GDPR = TRUE ❤️ - TRUE


Patrik Slettman outlines why GDPR and blockchain are compatible.

“Blockchain by itself is not an obstacle to following data rules and compliance. It’s simply a technology that is best used by people with good intentions, much like most technologies today.”

When presenting our SaaS-platform that allows organisations to automatically generate, issue and store blockchain-secured documents, we have found that we also need to explain how we use blockchain for storage in a compliant manner, as the technology is inherently immutable. The problem is, when the topic of Blockchain and Web3 comes up, some people simply turn off and stop listening. If you also add GDPR to the conversation, people’s eyes get hazy and they start looking for an exit 😉.

And we get it. We all have different interests. Not everyone is fascinated by the latest technology involving data storage. Many of us simply want to know why ‘the New’ is better than ‘the Old’ – and the rest doesn’t matter. I mean, that’s how I feel about my shampoo, my microwave and even my phone. If they work – I’m good.

With that said, let me take a stab at explaining how GDPR and Blockchain are compatible; in many ways a perfect match. I’ll try to do it in a straightforward way, with as little jargon and as few layers as possible.

GDPR Basics

GDPR, or General Data Protection Regulation, is the privacy and data protection regulation that came into effect in the EU on May 25, 2018.

The goal of GDPR is two-fold.
1: it aims to facilitate free movement of Personal Data between EU member states.
2: it establishes a framework of rights protecting the personal data that is used and stored.

So how is GDPR laid out to achieve these goals?
Firstly: GDPR is based on the underlying assumption that for each personal Data Point stored, there is at least one legal person, a ‘Data Controller’ – who can be contacted by the person whose Data is stored, to help enforce that person’s rights under EU Data Protection Regulation.
Secondly: GDPR is also based on the assumption that the stored Data can be modified or erased, when necessary, to comply with legal requirements.

Blockchain Basics

For starters, there are many different blockchains. Blockchain is a technology, not a brand, and can vary greatly in complexity and be made for different purposes. At TRUE we use Ethereum, Fantom and Polygon right now, but we will expand and connect with others in the future.

The technology of blockchain is in essence a distributed database that consists of many storage units (nodes) where you can store code (data). Once data has been stored in a unit, the data can’t be modified. Exactly why that is has been explained well on numerous other websites by experts. To understand that blockchain is compatible with GDPR, all you need to know is that the stored data can’t be changed.

Also, a blockchain can be owned by a company, or exist without a centralized owner, like the public chains we work with currently.

The goal of blockchain (or a distributed ledger) is to allow digital information to be stored on it, but never changed. Blockchain is an immutable ledger (storage), which also contains a documentation-protocol for everything stored on it (a type of tracking) that cannot be changed or destroyed.

Blockchain + GDPR = TRUE ❤️

Data is stored openly on the blockchain, but we make sure to first encrypt it before uploading it. Encryption can be done in many ways. At TRUE we use SHA3 (or SHA256); strictly speaking these are one-way cryptographic hash functions rather than reversible encryption, so the result cannot be decrypted back into the original data. What is uploaded to the chain is a string which in itself has no value or meaning.

All organisations using TRUE function as the ‘Data Controller’ (see GDPR above) and can easily remove all transaction-data which connects a person to the encrypted data on the chain. This will render the data stored on the chain completely useless. What is left there ‘forever’ is an indecipherable string – which can never be read again. To change a document issued with TRUE’s technology, the faulty document first needs to be removed, then a new and correct one can be issued (we also make sure that the same document can never be issued twice).

TRUE clients can remove personal data (and documents) if a Recipient requests their data/document to be removed. Everything done in the TRUE dashboard is always tracked and logged, so that if something “weird” were to happen, it is easy to look in the log and track why something happened.
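The pattern described in this section, as an added example that is not TRUE's own code: only a SHA3 digest goes on the immutable ledger, while the link to the person lives in an erasable off-chain store. The `Chain` and `Controller` classes, the per-document random salt, the duplicate check by document id and the sample document are all assumptions made for illustration.

```python
import hashlib
import secrets

SAMPLE = b"Diploma: Jane Doe, BSc 2023"  # constructed sample document


class Chain:
    """Constructed stand-in for an immutable ledger: append and read only."""

    def __init__(self):
        self._entries = []

    def append(self, digest: str) -> int:
        self._entries.append(digest)
        return len(self._entries) - 1

    def read(self, index: int) -> str:
        return self._entries[index]


class Controller:
    """Hypothetical off-chain store held by the Data Controller (erasable)."""

    def __init__(self, chain: Chain):
        self.chain = chain
        self.records = {}  # doc_id -> (recipient, salt, chain index)

    def issue(self, doc_id: str, recipient: str, document: bytes) -> int:
        if doc_id in self.records:
            raise ValueError("document already issued")
        salt = secrets.token_bytes(32)  # assumption: random per-document salt
        index = self.chain.append(hashlib.sha3_256(salt + document).hexdigest())
        self.records[doc_id] = (recipient, salt, index)
        return index

    def verify(self, doc_id: str, document: bytes) -> bool:
        if doc_id not in self.records:
            return False  # link erased: nothing ties this document to the chain
        _, salt, index = self.records[doc_id]
        return hashlib.sha3_256(salt + document).hexdigest() == self.chain.read(index)

    def erase(self, doc_id: str) -> None:
        """Erasure request: drop recipient, salt and pointer; the chain is untouched."""
        self.records.pop(doc_id, None)


def unsalted_digest(document: bytes) -> str:
    """Naive scheme for comparison: a bare hash anyone can recompute from a guess."""
    return hashlib.sha3_256(document).hexdigest()
```

After `erase`, the salted on-chain value can no longer be matched even by someone holding the exact document, whereas an entry made with `unsalted_digest` would still match any correct guess of the content.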

Advantages of blockchain

The advantages of using blockchain in this way are many; most argue that security and privacy are much greater using blockchain than any regular database.

Blockchain technology is already disrupting, and will continue to change, industries of all kinds: from Supply Chain Management to Banking and Fintech, Healthcare, Insurance and, of course, Document Management.

Regardless of the type of chain, whether it is decentralized like Ethereum or Polygon, or owned and managed by a company like IBM (Hyperledger), the use cases and implications of the technology are vast, and growing.

Blockchain in itself is not an obstacle to following data rules or other regulations. It’s simply a technology that is best used by people with good intentions, much like many other technologies today.

Documents posted online

The technology of posting documents online and securing the metadata using blockchain is fairly new, and allows for new possibilities. For example, many people can view a document posted online at the same time, and it cannot be lost, stolen or falsified.

The owner (recipient) of the document can choose if it should be public, or set behind a password. At TRUE, we have also created an in-between status for documents, where the first page is public, but the pages behind it, which can contain more sensitive information, are hidden. This feature is liked by University students, who can show and share that they graduated from a school, but do not need to show their grades, for example.

 

Document with restricted access (pages behind the first are hidden).

Recipients in full control

When receiving a document (and any time after) the Recipients can hide the published document behind a password. For anyone to view it, the Recipient needs to send them both the link to the document, as well as the password to access it. 

 Accepting a Diploma

 

Password Protected Document (all pages are hidden).


Read more about TRUE Data Security.