The role of blockchain in security and data privacy

The imminent application of the recent GDPR (May 25th) modifies the European panorama in terms of security and privacy of personal data. Overall, the GDPR could be considered a "Digital Declaration of Rights". As we saw earlier, this Regulation lists the detailed requirements that any institution or individual that processes personal data from citizens of the 28 member countries must comply with, regardless of where that company is located.

GDPR increases citizens’ rights and puts limits to the power of “digital states” such as software platforms and those that make use of them. However, it also assumes centralized models of storage and transmission of digital data. Under the new decentralized blockchain paradigm, new challenges are opened to be resolved under the common framework of GDPR.

The use of blockchain technology brings us closer than ever to digital identity models, where the user is the main owner of their data. Currently there are many different implementations of blockchain. Not all of these implementations follow the original model of the Bitcoin network as a public and pseudo-anonymous network. Many blockchain technologies are specially designed to build private networks where there is a similar figure to the central authority, which grants identity certificates to operate in the network. It would be something similar to a special participant who is responsible for issuing digital IDs to the rest of the participants. In other words, many of the applications that use blockchain continue to operate using the centralized authority model. EU GDPR was designed for this model.

In the medium term applications aimed at end users will begin to proliferate, with the objective of complying with GDPR framework and data security and privacy using partial or total implementations of blockchain technology. For example, providers of data storage software products begin to emerge. On the one hand, this product will store user data in their database systems according to GDPR and, on the other hand, they will use blockchain technology to protect the metadata associated with the stored data.

In this same line, the Blockcerts standard pursues the development of an open source technology, which allows the exchange of user certificates (academic diplomas, criminal records, work certificates, letters of recommendation, etc.) through a blockchain. Under this standard, a user requests his work life certificate through a mobile app. The corresponding authority issues the corresponding certificate and the transaction is entered in the blockchain. Then the user can share his certificate with the hiring company. This company can verify the authenticity and validity of the certificate by its hash.

Therefore, Blockchain joins other technologies that can help companies facilitating compliance with GDPR, such as data tracking tools or security solutions that allow threats detection in real time. Thanks to GDPR compliance, organizations have the opportunity to optimize their information processes, making them safer and more transparent for citizens.

Content prepared by Alejandro Alija, expert in Digital Transformation and innovation.

Contents and points of view expressed in this publication are the exclusive responsibility of its author.