GDPR-Compliant Blockchain: Personal Data Privacy in Blockchain
The GDPR (General Data Protection Regulation) was enforced by the European Union (EU) on 25 May 2018 with the main purpose of giving full rights over personal data to the person to whom the data belongs. These rights include the right to access, the right to rectification, the right to erasure, the right to restriction of processing, the right to be informed, the right to data portability, and the right not to be subject to a decision based solely on automated processing, including profiling. GDPR applies to every organization that handles EU citizens’ personal data, irrespective of whether the organization is inside or outside the EU. Any company that does business with the EU has to follow GDPR. GDPR is possibly the most massive change in data privacy regulations in the last two decades. GDPR ensures that an organization uses personal data responsibly and transparently to the user, from its acquisition to its deletion. An organization must adopt appropriate technical measures to protect the security and privacy of personal data, and its architecture has to support personal data privacy by design. The first question that therefore comes to mind is “What is personal data?” According to GDPR, the basic definition of personal data is as follows:
“Personal data is any information relating to an identified or identifiable natural person (data subject).”
In other words, personal data is data that can directly or indirectly identify an individual. Personal data includes name, phone numbers, date of birth, gender, race, IP address, credit card numbers and so on. The special category of personal data includes health data, genetic data, biometric data, sex life data, political beliefs and others. This special category is considered highly sensitive and must be handled with the highest security standards.