by Ivan Leshko

GDPR and its Integration with Blockchain


What happens to the personal information that you share with financial institutions like banks and insurance companies, email and search engine providers like Google, and social networking sites like Facebook and Twitter? How is it shared and monetized and, more importantly, do you have any say in it?

Personal data ranges from basic information like name and address to behavioural trends like your shopping choices, the places you visit, the people you interact with, and even your IP address.


Companies use the information collected about you to learn more about your preferences and to conduct research for new product releases, in pursuit of goals like targeted marketing.

For instance, with data on a customer's age, marital status, and income, a bank can narrow down who will be most attracted to a loan facility it wants to offer, like a mortgage targeting new homeowners. Customer-oriented services have been doing this for years, and you may already be familiar with the marketing emails that keep popping up in your spam folder. There has been an increased demand for effective regulation to protect the individual. That's where the General Data Protection Regulation (GDPR) comes in.

How the GDPR Works

As long as you're an entity dealing with personal data and offering services to European citizens, the GDPR applies to you. This data ranges from basic identity information (names and ID numbers, web data such as IP addresses, RFID tags, cookie data, and biometric data) to information such as political opinions and even an individual's sexual orientation. The company is meant to collect only the minimum details required to deliver the service. Moreover, access to the information is denied unless the affected individual has been notified and has given permission. The emphasis is that banks, social media networks, and other companies are only custodians of the personal data—not the owners. The GDPR has been enforced since 25 May 2018, and non-compliance with it attracts hefty penalties, with fines of up to €20 million depending on the level of the breach.

Features of Blockchain That Will Enhance Data Protection

The value of blockchain technology, from decentralization and digital signatures to cryptographic security, is not just limited to cryptocurrencies like Bitcoin. It can be employed in protecting personal data as GDPR comes into enforcement. Here’s what blockchain technology brings on board:


1. Encryption and hashing

These are fundamental to blockchain technology. Hashing is a one-way transformation: information is turned into an unreadable piece of data, the hash value, and cannot be recovered from it. Encryption is a two-way transformation: an individual encrypts the data with a certain key, making it unreadable, and uses the same key to decrypt the data and make it readable again. As such, it is the individual holding the key who retains control over who can access and share the data. This meets the "Right to Consent" provisions of the GDPR, ensuring identity authenticity to enforce read/write access rights.
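To make the one-way versus two-way distinction concrete, here is an added Python example; it is not code from the original post or from SoftServe. It hashes a constructed personal-data record with SHA-256 and then encrypts the same record under a key that only the data subject holds. The cipher is a constructed teaching stream cipher built from HMAC-SHA256 in counter mode, chosen so the example runs with the standard library alone; it is not a production encryption scheme (no authentication tag, no key derivation). The record contents and function names are assumptions for illustration.

```python
import hashlib
import hmac
import os

NONCE_LEN = 16


def hash_record(data: bytes) -> str:
    """One-way transformation: the same input always yields the same hash,
    but the input cannot be recovered from the hash value."""
    return hashlib.sha256(data).hexdigest()


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Keystream from HMAC-SHA256 in counter mode. Constructed for this
    example so it runs with the standard library; it is not a production
    cipher (no authentication tag, no key derivation)."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"),
                         hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Two-way transformation: only a holder of `key` can reverse it.
    Returns nonce || ciphertext so decrypt() can rebuild the keystream."""
    nonce = os.urandom(NONCE_LEN)
    stream = _keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ s for p, s in zip(plaintext, stream))


def decrypt(key: bytes, blob: bytes) -> bytes:
    """Reverse encrypt() with the same key; a different key yields garbage."""
    nonce, ciphertext = blob[:NONCE_LEN], blob[NONCE_LEN:]
    stream = _keystream(key, nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def demo() -> dict:
    # Constructed sample record; not real personal data.
    record = b"name=Alice Example;dob=1990-01-01;iban=XX00 0000 0000"
    owner_key = os.urandom(32)     # held only by the data subject
    stranger_key = os.urandom(32)  # a party that was never given consent

    blob = encrypt(owner_key, record)
    return {
        "hash": hash_record(record),
        "hash_is_deterministic": hash_record(record) == hash_record(record),
        "owner_can_read": decrypt(owner_key, blob) == record,
        "stranger_can_read": decrypt(stranger_key, blob) == record,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The hash can be published and recomputed by anyone who already has the record, which is what makes it useful for integrity checks, while the ciphertext is useless to anyone who does not hold the key: that key, not the ledger, is what enforces who may read the data.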

2. Immutable transactions

Transactions cannot be changed once they are written to the blockchain. By its nature, a blockchain is a distributed database that maintains a continuously growing list of records grouped into blocks. Each block carries a timestamp and a link to the previous block, and is resistant to data modification. The ordered records allow for traceability, enabling efficient regulation and making blockchain a governance-friendly technology, crucial for the success of the GDPR.
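The "link to the previous block" is what makes rewriting history detectable. The following is an added Python example, not code from the original post or from SoftServe, that models a single-node hash chain: every block's hash covers its timestamp, its record and the previous block's hash, and a verifier walks the chain to find the first block that no longer matches. The consent and access events, the deterministic clock and the function names are constructed for illustration; consensus and networking are deliberately left out.

```python
import hashlib
import json
import time
from dataclasses import dataclass
from typing import List, Optional

GENESIS_PREV = "0" * 64


@dataclass
class Block:
    index: int
    timestamp: float
    record: str        # e.g. a consent event or an access-log entry
    prev_hash: str
    hash: str = ""


def compute_hash(index: int, timestamp: float, record: str, prev_hash: str) -> str:
    """Hash over every field, including the back-link, so altering any field
    changes this hash and breaks the next block's link."""
    payload = json.dumps([index, timestamp, record, prev_hash], separators=(",", ":"))
    return hashlib.sha256(payload.encode("utf-8")).hexdigest()


class Ledger:
    """Append-only hash chain: a simplified, single-node model of the
    block-linking property, with no consensus or peer replication."""

    def __init__(self, now=time.time):
        self._now = now
        self.blocks: List[Block] = []
        self.append("genesis")

    def append(self, record: str) -> Block:
        prev_hash = self.blocks[-1].hash if self.blocks else GENESIS_PREV
        index = len(self.blocks)
        ts = self._now()
        block = Block(index, ts, record, prev_hash)
        block.hash = compute_hash(index, ts, record, prev_hash)
        self.blocks.append(block)
        return block

    def first_invalid_index(self) -> Optional[int]:
        """Return the index of the first block whose stored hash or back-link
        no longer matches, or None if the whole chain is intact."""
        for i, b in enumerate(self.blocks):
            expected_prev = self.blocks[i - 1].hash if i > 0 else GENESIS_PREV
            if b.prev_hash != expected_prev:
                return i
            if b.hash != compute_hash(b.index, b.timestamp, b.record, b.prev_hash):
                return i
        return None


def demo() -> dict:
    # Constructed events with a deterministic clock so the run is reproducible.
    clock = iter(range(1_600_000_000, 1_600_000_100))
    ledger = Ledger(now=lambda: float(next(clock)))
    ledger.append("consent: user-42 allows bank-A to read credit profile")
    ledger.append("access: bank-A read credit profile of user-42")
    results = {"before_tamper": ledger.first_invalid_index()}

    # Rewrite a past record: block 1's stored hash no longer matches its contents.
    b1 = ledger.blocks[1]
    b1.record = "consent: user-42 allows bank-B to read credit profile"
    results["after_tamper"] = ledger.first_invalid_index()

    # Even if the attacker recomputes block 1's hash, block 2 still points at
    # the old hash, so the break moves one block forward instead of vanishing.
    b1.hash = compute_hash(b1.index, b1.timestamp, b1.record, b1.prev_hash)
    results["after_rehash"] = ledger.first_invalid_index()
    return results


if __name__ == "__main__":
    print(demo())
```

On a real network the attacker would have to recompute every later block on a majority of nodes to hide the change, which is the property the text calls resistance to modification; on this single-node model the chain only tells you that something changed, not who changed it, so the timestamps and records need an authenticated source to be useful as evidence.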

3. Decentralization

The current system, in which third parties collect and process data, is vulnerable to cyberattacks that can succeed through a single point of failure in the system. Blockchain addresses this: because it is a decentralized technology, there is no single point of failure to exploit.

Blockchain Technology for the GDPR

Now that we know the benefits of the technology, how are they applied to the GDPR directly?

1. Protection of personal data

With the GDPR directive, the rights of the individual are clearly defined. Moreover, there are strict obligations for the institutions, companies, and service providers that collect and process the data. These come with compliance assessment mechanisms, and penalties when they are breached. To improve data protection, the GDPR ensures that consent to process data is only granted after clear and affirmative action. This is a core aspect of blockchain, where digital signatures are required for read/write access rights.

In addition, under the GDPR, in the event that the information is compromised, the affected individual has the right to be notified. The regulations limit automated data processes that make decisions which can harm the individual. They also ensure that strict safeguards are implemented when personal data is transferred outside the EU. The collected data can also be rectified and removed, with the enforced right to be forgotten and permanently erased. For instance, Facebook's 300 million European users will be able to control how their details, from phone numbers and addresses to birth dates and schools, are accessed—when, by whom, and why. Facebook will be required to delete these details upon request, and to be able to prove that it has actually done so.

2. Increased business opportunities

Customer trust is a delicate issue. More and more people are concerned about their personal data being used for fraudulent purposes—from credit card theft and tax fraud to insurance and medical identity theft. In fact, a survey of EU citizens conducted by the Directorate-General for Justice and Consumers showed that 62% of respondents didn't trust their internet service providers (ISPs), while 63% said they didn't trust online businesses when it comes to protecting their data. The decentralization and cryptographic security that come with blockchain boost customer trust in financial institutions, government bodies, and online service providers, which consequently opens them up to a wider market. This is one of the main goals of the GDPR, and blockchain enables it to be realized.

Implementing the GDPR across the 27 EU member countries is also the launching pad of the Digital Single Market project. Since personal data will be protected, citizens and businesses will be able to realize the full potential of globalization and e-commerce in an age of cloud computing and IoT. These measures couldn't have been timelier. It's a single set of rules that, unlike its predecessor Directive 95/46/EC, cannot be customized by individual countries. Hence, there will be seamless integration from one region to the next, and clarity regarding how and when EU regulation applies to data controllers outside the EU. This is also welcome news for small and medium-sized enterprises (SMEs), as they will be able to enter the digital single market more easily.

3. Enhanced efficiency in rule enforcement

With standardized and unified data protection requirements, citizens and businesses can raise queries and report compliance issues to one agency in multiple locations. That means the protection authority next door can be contacted and will offer the same services as one on the other side of the continent. This also simplifies international data transfers. Reducing the bureaucratic paperwork will further cut costs, allowing businesses to channel these resources into more lucrative investments.

Enter Persona Blockchain

With Persona blockchain, an individual's identity is authenticated on a tamper-proof ledger. The identity is associated with an encrypted code, and only the individual holds the private key. This removes the need for a middleman, while ensuring that companies and institutions that require the information for their processes (such as KYC) can access it once the individual gives them permission.

For instance, you can reveal selected information to third parties for offers such as discounts on tickets and access to premium account benefits with just an email account, without needing to divulge all your personal information. Data such as credit rating profiles, reputation management systems, and medical records can be attached to the basic account profile, further allowing you to access more services securely with your preferred level of anonymity. For example, you can allow a lender to access your credit profile, or provide your doctor with your medical records, while proving your identity as needed.
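One way to back the "reveal selected information" step is a salted hash commitment over each attribute. The following is an added Python example of one such scheme; it is not Persona's design, nor code from the original post or from SoftServe. The individual publishes a single root (the value that would be anchored to the ledger) and keeps the salts; later they disclose only the attributes a given party is allowed to see, plus the hashes of the rest, and the party checks everything against the root without learning the hidden values. The attribute names, values and function names are constructed for illustration.

```python
import hashlib
import json
import os
from typing import Dict, List, Tuple


def _sha256_hex(data: str) -> str:
    return hashlib.sha256(data.encode("utf-8")).hexdigest()


def leaf_hash(name: str, value: str, salt: str) -> str:
    """Salted per-attribute hash. The salt stops a verifier from guessing a
    low-entropy value (a birth date, a yes/no flag) by brute force."""
    return _sha256_hex(f"{salt}|{name}|{value}")


def root_hash(leaves: Dict[str, str]) -> str:
    """Root over all leaves in a canonical order; this single value is what
    would be anchored on the ledger."""
    canonical = json.dumps(sorted(leaves.items()), separators=(",", ":"))
    return _sha256_hex(canonical)


def commit(attributes: Dict[str, str]) -> Tuple[str, Dict[str, str]]:
    """Holder side: pick a fresh random salt per attribute and return
    (root, salts). The salts never leave the holder except in disclosures."""
    salts = {name: os.urandom(16).hex() for name in attributes}
    leaves = {n: leaf_hash(n, v, salts[n]) for n, v in attributes.items()}
    return root_hash(leaves), salts


def disclose(attributes: Dict[str, str], salts: Dict[str, str],
             reveal: List[str]) -> dict:
    """Holder side: hand over the chosen attributes (value + salt) and only
    the leaf hashes of everything else."""
    revealed = {n: {"value": attributes[n], "salt": salts[n]} for n in reveal}
    hidden = {n: leaf_hash(n, attributes[n], salts[n])
              for n in attributes if n not in reveal}
    return {"revealed": revealed, "hidden": hidden}


def verify(root: str, disclosure: dict) -> bool:
    """Verifier side: rebuild every leaf from the revealed values and the
    supplied hidden hashes, then compare against the anchored root."""
    leaves = dict(disclosure["hidden"])
    for name, item in disclosure["revealed"].items():
        leaves[name] = leaf_hash(name, item["value"], item["salt"])
    return root_hash(leaves) == root


def demo() -> dict:
    profile = {  # constructed sample profile, not real data
        "name": "Alice Example",
        "dob": "1990-01-01",
        "credit_score": "720",
        "blood_type": "O+",
    }
    root, salts = commit(profile)
    for_lender = disclose(profile, salts, ["credit_score"])
    # A disclosure with an inflated score: the leaf no longer matches the root.
    forged = disclose(profile, salts, ["credit_score"])
    forged["revealed"]["credit_score"]["value"] = "800"
    return {
        "lender_sees_only": sorted(for_lender["revealed"]),
        "lender_accepts": verify(root, for_lender),
        "forged_accepted": verify(root, forged),
    }


if __name__ == "__main__":
    print(demo())
```

Two caveats a practitioner would check: the hidden attribute names are still visible to the verifier in this simple layout (a Merkle tree that transmits only sibling hashes, or hashed names, fixes that), and holder and verifier must agree byte-for-byte on the canonical encoding, or honest disclosures will fail to verify.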

Using blockchain for personal identity not only makes the process easier and more efficient; it also locks out cyber thieves who make billions annually selling private data. The blockchain puts the individual in full control of their data, and only they can decide who to share it with, and how to monetize it.

Interested in learning more about the value of blockchain for your business? Contact SoftServe today.