Blockchain and GDPR/PDPA data protection legislation:
GDPR is a general data protection regulation in EU law that was adopted in 2016. It seeks to facilitate the free movement of personal data under an established framework of fundamental rights protection. In response to global trends towards personal data privacy (such as GDPR), Thailand established the PDPA as a personal data protection act, which has been in effect since May 2020. Blockchain for GDPR/PDPA compliance is an application gaining increasing attention from businesses across industries.
Blockchain is a type of distributed ledger technology (DLT) that acts as an immutable, decentralised ledger of records and transactions. The technology bundles validated transactions into a sequential chain of time-stamped records (a.k.a. ‘blocks’) that are algorithmically secured from alterations or tampering. Validated data is stored in a private permissioned distributed ledger (PPDL), which is an encrypted database of records synchronised in real-time, accessible across geographies by a controlled network of members.
Blockchain for GDPR/PDPA: helping brands comply
The role of blockchain in GDPR/PDPA compliance and exact use cases vary from industry to industry. However, there is consensus around blockchain as a new, more secure way of storing and processing large quantities of data. The enormous potential of DLT in consent management is, in essence, to return data rights back to the original data owner in a decentralised ecosystem that eliminates single-source ownership. Using DLT, customers can choose to give companies access to certain information from the blockchain, revocable at any time. Individuals can control who has the key to their data and manage varying consent levels across different parties. Private permissioned distributed ledgers are ultimately creating new mechanisms for storing and processing individuals’ sensitive information. As potentially the strongest ally for businesses in meeting privacy and protection legislation, embracing distributed ledgers to achieve privacy-by-design is sure to satisfy the greatest of regulatory demands, through blockchain as a:
- Control bestowing tool
- Data ownership transferrer
- Compliance coordinator
- Data governance instrument
- Data protector by design
Distributed ledgers designed for consumer privacy rights
The European Commission has indicated that blockchain could be the enabling technology for protected data-sharing models. The main features driving this potential are that blockchains can enable data-sharing without requiring a trusted intermediary, offer transparent information as to who has accessed data sets, and automate the sharing of data via blockchain-based smart contracts. Distributed ledgers designed with consumer privacy rights in mind can offer significant advantages to ultimately achieve greater granularity over the management and distribution of data. DLT guarantees secured, self-governed data and embodies an effective solution for the data-protection-by-design provisions set out in GDPR/PDPA legislation. Distributed ledgers provide the original data owner with control over what they themselves and what others can do with their personal data. In this way, data subjects can both decide who has the key to their personal information and then monitor how data relating to them is used. DLT achieves these dual objectives, which are often hard to pursue in practice. Blockchain use cases for improved personal data control are on the rise, particularly in healthcare, supply chain management, and the financial services industry. In real-life healthcare use cases, blockchain and DLT are used to secure uploaded health data, manage personal data access control (via decentralised permission management protocols), record all access activity, and remove sensitive records from third parties when consent is withdrawn.
Privacy controlled with private keys…
Purposefully designed blockchain and distributed ledger technologies offer data protection advantages capable of achieving GDPR/PDPA objectives. Blockchain bestows a private key to the data owner that enables them to both retain ownership of their personal data and control third-party access on a case-by-case basis. Overall, DLT brings shared transparency and individual sovereignty to personal data management in the data-driven economy by enabling users to retain control over all personal data that relates to them.
Discover SDLT Consent:
Our blockchain service for GDPR/PDPA compliant privacy and personal data management
Manage your privacy and personal data with our Consent platform, which provides the highest standard of protection for personally identifiable information (PII). Seamlessly traverse data protection regulations such as GDPR and PDPA with an accurate, transparent, and auditable record of metadata. Consent enables the information owner to control usage parameters of their personal information (i.e. grant or revoke consent) to ensure that organisations can better protect their staff and customers.
To find out more about how SDLT can develop customised blockchain infrastructure to help with your consent management solutions, please contact Adrian Apperley directly at +66 (0) 8 1751 8308 or through .