A team of our data privacy experts have collaborated with leading Wall Street firm Cravath, Swaine & Moore to produce a highly topical guide to the compatibility of blockchain solutions with the GDPR. The report was commissioned by the Center for Global Enterprise, a research institution devoted to the study of the contemporary corporation, globalisation, economic trends and their impact on society.
As tools for sharing data and managing workflow in secure, private yet transparent and auditable form, blockchain applications have potentially much to offer at an enterprise level. Research by the Center for Global Enterprise’s Digital Supply Chain Institute had identified, however, that successful adoption of enterprise-grade blockchain applications is for now a rare phenomenon. This is thought to be at least in part due to perceived difficulties in complying with data privacy regulations. Some commentators had suggested there was a fundamental incompatibility between the GDPR, which legislates for the right to be forgotten, and the immutable nature of data in a blockchain.
The report concludes that this is not in fact the case: blockchain applications can be compatible with GDPR strictures. While some of the challenges presented by privacy regulation to blockchain solutions remain unsolved, the report argues that a blockchain which respects the fundamental principles of data protection and privacy is achievable, examining a real-world use case from the shipping industry, and setting out four guiding principles for businesses to follow in order to implement GDPR-compliant blockchain solutions.
We hope the report can aid lawmakers and regulators in the UK, EU and US, as well as providing thought leadership for the business and technology communities.
You can access the report here.
Blockchain...when applied properly is a powerful cross-enterprise transformation instrument. However...success stories remain elusive because of difficulties in forming the Blockchain ecosystem or network, determining network and data governance, and complying with government data regulations.