By Massoud Valipoor and Vidhi Kumar
Much has been written about GDPR and its impact in various areas of business, including the blockchain. The General Data Protection Regulation, or GDPR for short, was adopted by the European Parliament and the Council of the European Union in April 2016, and came into force on May 25, 2018. The May deadline had businesses across the board scrambling to make sure they were in compliance with the regulation. Of the many rights and rules that GDPR brings to the table, the stick of penalties stands out the most in almost all discussions.
On the lower level the fine for non-compliance are up to €10 million, or 2% of the worldwide annual revenue of the prior financial year, whichever is higher, while on the higher level they are up to €20 million, or 4% of the worldwide annual revenue of the prior financial year, whichever is higher. Having said that, the fine is the last straw in the process of non-compliance. The Data Protection Authority in each member country monitors compliance and in case the event that a business is non-compliant, they first issue a warning. This gives the business the opportunity to make amends at the very beginning. In case non-compliance continues, the next step is a reprimand. If the business still continues to be compliant, the third step is suspension of data processing. Only after all these steps have failed, does the issue of fine come into the picture. (More info on this)
The point of this article isn’t to stress on the cost of non-compliance, but to espouse the opportunities that GDPR has created by elevating the idea of data protection as essential and fundamental to the very debate on data. To us, at the heart of GDPR is the idea of data protection by design which requires that the default option built into the business processes for products and services be high privacy settings giving users the full access and rights to how their data is stored and used. As a user, you have been accorded the following rights over your personal data which you can legally exercise:
- The right to be informed on how your personal data is used
- The right to access your personal data
- The right to rectify your personal data
- The right to be forgotten and to delete your personal data
- The right to restrict / suspend processing of your personal data
- The right to port your personal data in a common format
- The right to object to the way your personal data is being processed
- The right to know in case of profiling or any automated decision making on your personal data
The regulation seeks to empower the individual and respect their personal choices when it comes to their own data.
The genesis of EOS, and indeed the very idea of blockchain, was to empower the individual. In this aspect, the GDPR serves as a tool of empowerment in our journey to build the fastest and most scalable blockchain platform. The release of the EOS mainnet coinciding with the implementation of the GDPR framework will give EOS developers a huge advantage over more established blockchains as they can start designing their DApps with GDPR in mind from the get-go, instead of trying to alter existing projects to fit the Regulation.
With the abovementioned in mind, it is fitting to look at an example of how GDPR might be implemented on EOS and how GDPR can provide both a challenge and an opportunity in relation to blockchain technology. Stay tuned for our next article which will delve deeper into this topic.