Using the Blockchain to manage GDPR consents

Dmitry Koval explains how blockchain can be used to facilitate consent management.

What is GDPR?

Private individuals, companies and public bodies are concerned about data security.The General Data Protection Regulation (GDPR) is the EU’s attempt to counter the perceived data threat.

The GDPR, which will come into force from May 2018, focuses on three areas:

1. Data storage. Data must be protected by the institutions and companies that hold it. Under the GDPR, the penalties for data breaches will be significantly higher – and data controllers must reveal any breaches within three days.
2. Personal data management. Users can now know everything about how their data is stored and used. Although companies could previously request consent with a check box, individual users must now be explicitly informed how their data will be used – and will have the right to be erased (or ‘forgotten’).
3. Data portability. Users will now be able to demand that holders of their data share it with whoever they choose. For example: if a consumer wants access to their health records in order to send them to a competitor, the company that holds the records must now provide it.

Slow uptake, big reluctance

Although GDPR comes into effect in May 2018, it is unlikely that it will be strictly enforced from Day 1. It represents a significant change, affecting many different processes; companies will probably try to find acceptable alternatives to full compliance.

Another possible issue is whether the public will take control of their personal data. Two thirds of European citizens are apparently concerned about data privacy but, in reality, very few are expected to instantly assume control of their data.

Companies that already control a lot of personal data, such as Google and Facebook, will want to keep this data; it is not in their interests to inform people what they do with it. The GDPR impact on these types of business is uncertain: although the regulations on new users are well-defined, the rules for those who have previously signed consent forms remain something of a grey area.

What is Blockchain?

Blockchain is a database which stores datasets (or long, complex numbers), each of which contains information that is relevant to the person initiating a data exchange, the data itself and recipient of the data. The numbers are saved on a database, which in itself has a few key features:

• It is a distributed list, which means that many sources of information (e.g., health data, bank details) can be stored within the same number. The database is automatically maintained; each data set is synchronised in real time.
• Any change made to any dataset is tracked, and must have the explicit consent of the dataset owner. Therefore, any dataset change is visible to all and can be tracked to source – making it impossible to change without leaving a trace.

How Blockchain can help people keep control of their data Blockchain offers total personal data management. Dlock (the Blockwise software) enables the return of data ownership to the user – through Blockchain. The proposal is to use Blockchain to enable each person to control their consent. The software keeps an irrefutable record of your data, including each time you give consent for it to be used. As more users take up the software, the system will store more data and become more useful to the individual, who will be able to track their consent through an app.

DISCLAIMER
By necessity, this briefing can only provide a short overview and it is essential to seek professional advice before applying the contents of this article. This briefing does not constitute advice nor a recommendation relating to the acquisition or disposal of investments. No responsibility can be taken for any loss arising from action taken or refrained from on the basis of this publication. Details correct at time of writing.