Document Preview
  • Full Text
  • Trade Journal

Is it possible to comply with GDPR using blockchain?

Jackson, Olly.  ; London (May 2, 2018).

Full text preview

How damaging is the regulation to distributed ledger technology and how to reconcile the two

The General Data Protection Regulation (GDPR), due to come into force on May 25, could put the brakes on the rapid progress of blockchain. While GDPR has disrupted the business models of all different types of companies in different sectors, companies relying on blockchain or distributed ledger technology more generally (DLT) could be the ones to suffer the most. Nevertheless, there are ways to reconcile the two but it requires companies to be inventive.

Hogan Lovells partner John Salmon said while it is difficult to reconcile GDPR and blockchain, it is not impossible.

“The right to be forgotten is not an absolute right: there is a legitimate interest test that if satisfied, means that the right does not apply,” he said.

Companies also have the option of choosing a legal ground other than consent, such as legitimate interest, which would make it easier to comply with GDPR while using blockchain. This is a route that, according to Salmon, many companies are taking.

Blockchain has been increasing in popularity, gaining the approval of many global banks and other financial institutions. It is a decentralised and public database used to record data, used originally to issue bitcoin. Hackers can’t tamper with because it is decentralised. Each time information is added another block is created, which includes the information or hash (a cryptographic key of a block) of the previous block. When data within a block is changed, the hash also changes. This means it is obvious to all nodes – or users – if and when information has been altered. 

For a hacker to change information, they would have to gain consensus from all nodes, tamper with every single block on the chain and redo the ‘proof of...