When we present our SaaS-platform used to generate and issue secure digital documents, we have found that we need to explain how TRUE use blockchain as storage, when the technology is inherently made to be immutable. The problem is, at times when speaking about Blockchain and Web3, people simply “turn off”. They stop listening. Add GDRP to the conversation and people’s eyes get hazy and they start looking for an exit 😉 !
We get it. Everyone has different interests. We can’t all be fascinated by how the latest data storage technology work. Many of us simply want to know why the ‘New’ is better than the ‘Old’ – the details doesn’t matter! I mean, that’s how I feel about my shampoo – even my laptop and phone. If they work – I’m good!
With that said, let me take a stab at explaining how GDPR and blockchain are compatible, in many ways a perfect match. I’ll try to do it in a simple and straightforward way, with as few technical layers as possible.
GDPR, or General Data Protection Regulation, is the privacy and data protection regulation that came into effect in EU on May 25, 2018.
The goal with GDRP is two-fold.
1: it aims to facilitate free movement of Personal Data between EU’s States.
2: it establishes a framework for rights of protection for the personal data used and stored.
So how is GDPR laid out to achieve these goals?
Firstly: GDPR is based on the underlying assumption that for each personal Data Point stored, there is at least one legal person, a ‘Data Controller’ – who can be contacted by the person whose Data is stored, to help enforce that person’s rights under EU Data Protection Regulation.
Secondly: GDPR is also based on the assumption that the stored Data can be modified or erased, when necessary, to comply with legal requirements.
For starters, there are many different blockchains. Blockchain is a technology, not a brand, and can vary greatly in complexity and be made for different purposes. At TRUE Original we use Ethereum and Fantom right now, but we will expand and connect with others in the future.
The technology behind blockchain is in essence a distributed database that consists of many storage units (nodes) where you can store code (data). Once data has been stored, the data can’t be modified. A blockchains can be owned by a company or without a centralized owner.
The goal of blockchain (or a distributed ledger) is to allow different digital information to be stored on it, but never changed. Blockchain is an immutable ledger (storage), Which also contains a documentation-protocol for every storage on it (tracking), which cannot be changed or destroyed (secure nature).
Blockchain + GDPR = TRUE ❤️
Data is stored openly on blockchain, but we make sure to first encrypt it data before uploading it. This can be done in many ways. At TRUE we use an encryption called SHA3. After encryption, what is uploaded on the chain is a string which by itself has no value or meaning.
In essence TRUE functions as the ‘Data Controller’ (see GDPR above) and can easily remove all transaction-data which connects a person to the encrypted data on the chain. This will render the data stored on the chain completely useless. What is left there forever is an indecipherable string – which can never be read again. To change a document issued with TRUE Original’s technology, the faulty documents need to be removed first, then a new and correct one can be issued (we have also made sure that the same document can never be issued twice).
Both our customers and we (TRUE) can remove personal data (and a document) if a Recipient requests their data/document to be removed. Everything done in TRUE dashboard is always tracked and logged, so that if something “weird” were to happen, the other users can see who did what.
Advantages of blockchain
The advantages are many, most argue that security and privacy are much greater using blockchain than any regular database. Blockchain is already disrupting – and will continue to change industries of all kinds. From Supplychain Management, to Banking and Fintech, Healthcare, Insurance, and of course: Document Management.
Regardless of the type of chain, if it’s a decentralized like Ethereum and Fantom without central ownership, or one that is being managed by a company like IBM – Hyper Ledger, the use cases and implications of the technology are vast – and growing.
It’s important to understand that Blockchain by itself is not an obstacle to following data rules or other regulations. It’s simply a technology that is best used by people with good intentions, much like many other technologies today.
-Patrik Slettman, Founder