Speaking at the IRMS Conference in Brighton, Dyann Heward-Mills, CEO, HewardMills focused on emergence of Blockchain, and the need for GDPR compliance.
She called the relationship between the regulation and distributed ledger “critical” as data protection officers need to understand its impact, how it sits with data subject rights and the Right to be Forgotten.
“Critical is the implementation of privacy by default and design with the technology,” she said. “When presented with a technology like Blockchain, what does a DPO do? Well you conduct your data protection impact assessment over the technology.”
She agreed that it is “very robust and secure and unlikely to be encountering challenges” regarding loss of personal data, but how does it sit with data retention?
From a regulatory perspective, Heward-Mills acknowledged that there is no central regulation required, but is it desired? In terms of how GDPR applies to Blockchain, she asked the audience if encrypted data and metadata is still considered to be personal information?
“Where there are decentralized systems, how does the legislation actually apply? Is it still fit for purpose?”
Looking at the key principles, she rated Blockchain against the principles of Article Five of the GDPR:
No tags.
