On the 25th of May, the General Data Protection Regulations (GDPR) entered into force in the European Union which creates one set of data protection rules for all companies operating in the EU.
The GDPR implies a more serious responsibility for non-compliance with the rules for the storage and processing of personal information and establishes global standards for data protection and regulates their cross-border transmission.
Briefly about the new law:
- The new rules apply to companies that are registered in the EU or work with personal data of citizens of EU countries.
- Any personal data that allows you to identify a person is protected. This can be, for example, name and surname, age, sex, year of birth, phone number, home address, photo, and any accounts on the site.
- The regulations do not apply to data collection for personal purposes.
- Companies are required to explain your rights, as well as specify the purposes of using personal information before agreeing to collect and process personal data. Companies also cannot change the use of data at their discretion.
- You can require the company to delete your personal data or prohibit them from using it if you, for example, stopped using the service or deleted your profile on the site, or if your data is already used for its intended purpose.
GDPR and blockchain:
- The aim of the GDPR is the decentralization of data storage and the accountability of digital companies to public institutions. Decentralization is a defining feature of the blockchain, which means that the new regulation will not bring any dramatic changes in technology and the system does not have a single provider with access to all user data through which it would be possible to hack into the entire system. Blocks with information about user transactions are in common use, copies are stored on all computers on the network.
- However, this gives rise to a potential problem for the blockchain. Since there is no single storage center, if the user needs to delete their data, this will require the participation of all elements of the blockchain. Thus, accountability becomes more difficult to implement. To solve this problem, companies are developing common storage centers.
- For example, Intel designed "trusted computer enclaves" to help store registry data centrally which provides access to information to a number of users who have a special program code. Analysts at Forrester Research believe that it is necessary to change the specifics of the network, making it possible to delete data directly from the blockchain.
GDPR was approved by the EU Parliament on April 14, 2016, and came into enforcement on May 25th of this year. This allowed organizations time to adjust and meant that organizations in non-compliance could face heavy fines. According to European experts, only for the implementation of the new law, Europe and its partners will need to hire more than 75,000 specialists.
By Ekaterina Ulyanova