GDPR, blockchain and MPC: How Partisia Blockchain could help you stay compliant
In 2018, the European Union’s General Data Protection Regulation (GDPR) came into effect, causing a wave of changes to terms and conditions in your favorite applications across the globe. GDPR aims to increase people’s control and rights over their own personal information and heavily penalizes companies that infringe on these rights. Infringing on the rights of EU citizens laid out in GDPR could result in a fine of €20 million or 4% of the annual global turnover of an enterprise, so compliance is strongly incentivized. This new regulation is widely considered a major turning point in data protection and privacy rights, starting a policy diffusion of similar data protection laws across the globe. GDPR is law in every member country of the European Union and establishes a “single data market” within the EEA. Similar regulations have also been adopted in California, Chile, Japan, South Africa, Argentina, Turkey and Brazil, among others.
GDPR (as well as many of the similar regulations) involves multiple core tenets, among others setting out the principles for which personal data can be used and processed. Lawful purposes of the use of personal data and the digital rights that citizens have over their personal data. While there are many different compliance aspects of data protection regulations, such as GDPR, here are a few examples of how our technology could help your organization stay compliant:
How Partisia Blockchain helps to solve these challenges:
GDPR requires organizations processing personal data to transform the data in such a way that it cannot be connected to the person it was collected from (pseudonymization). Partisia Blockchain could help an enterprise disassociate a person from their (encrypted) data, assuring such pseudonymization through the use of multiparty computation (MPC) technology. This pseudonymization can also be done in a way to allow for continuous collection of data from the same individual, if required for e.g. a longer-term study.
Furthermore, the concept of MPC also can also aid in maintaining an individual’s control over their data, as e.g. the concept of MPC secret sharing can allow for useful outputs being generated without compromising the underlying data (see Multiparty computation: The beacon of privacy solutions explained). MPC (especially combined with a blockchain) can also therefore increase the security of personal data, as the data and calculations are all run in a decentralized fashion by nodes that are all independent from each other. Partisia Blockchain’s nodes and their operators are all independent, run independent systems and have been vetted for cybersecurity by Partisia Blockchain experts.
Another right laid out by GDPR is the so-called right of access. This is the right of people to be able to see how their data is being processed and with whom it is being shared. The ledger kept on a blockchain could help an organization provide an immutable record to ensure this right. For the same reason, the blockchain could help organizations provide the record of processing activities required for GDPR-compliance under certain circumstances as well. As opposed to some other blockchains, Partisia Blockchain also allows for the possibility of private data to be removed from the record. Essentially meaning that data entered into the blockchain can be erased later on, allowing for compliance with GDPR’s right of erasure (the right for people to have their personal data removed from a database).
Jurisdiction management v1.0
Lastly, the geographical location of servers used to process personal data could sometimes mean the difference between compliance and a criminal offense. Partisia Blockchain’s jurisdiction management v1.0 allows organizations’ developers to specify the geographic location of nodes to be used in calculating personal data. This could for example allow for private data from the EU to only be sent to EU-based nodes, ensuring that the integrity of the single data market and the data rights of EU-citizens are not breached.
Partisia Blockchain is committed to empowering others in solving real-world problems using our cutting-edge technology. Data rights and data privacy challenges are two of these problems.
Please contact us, if you have any questions about how our technology could enable data privacy or think we can help your organization in improving its data protection architecture.
Contact information: firstname.lastname@example.org