Blockchain Companies Brace For GDPR Impact On Business

Blockchain, FinTech, News, Regulation | May 16, 2018 By:

The European Union’s General Data Protection Regulation (GDPR) has a May 25 deadline, and it’s sending companies scrambling to comply with the new privacy regulations governing interactions with European residents. Severe financial penalties apply to those who do not implement the new regulations, and there’s no shortage of litigious actors waiting in the weeds for the compliance deadline.

BlockTribune talked with several industry companies about what they are doing to prepare for the new law.

Patrick Gray, Founder and CEO of HashChain Technology, a global blockchain technology company:

1)  What do you expect the immediate effect of GDPR to be on worldwide businesses?

It’s difficult to exactly pinpoint GDPR’s immediate impact, however, it’s likely we will see a massive increase in security and data protection investments. Businesses that failed to make it a priority in the past will be required to do so now, which will create a cottage industry of security services and companies that will move in to fill that void.

2)  How will this affect blockchain companies?

Part of what defines blockchain technology is that the data contained in each hash is not able to be edited or changed at random. That’s what makes it secure. It will be interesting to see what could happen if someone requests that their data be removed, and what blockchain companies would have to do in order to remove it. Theoretically, it’s possible to create GDPR-compliant blockchains using tokens to represent financial information in the blockchain. However, that also means the financial data will be stored somewhere other than for public reference, thus defeating a large purpose of the technology. It also doesn’t help existing blockchains already in operation. It’s safe to say that many blockchain companies themselves don’t even yet know how they will handle this scenario. Also, there is the question of non-permissible blockchains in that who would you fine?

3)  Will other countries watch this and enact similar laws?

It is possible, but that depends on what kind of impact the regulations have on global business. There are certainly some industries and businesses that are ripe for consumer data protection (think Facebook or Google), but smaller companies in other industries could be forced to shut down rather than paying fines. If the regulations are overwhelmingly positive, we could see an influx of similar laws enacted around the world, but it’s a case of “let’s wait and see.” 

Dean Anastos, Founder and CEO of Blockchain Developers, which specializes in offering a complete turnkey solution for token creation and smart contracts on the Ethereum blockchain

1)  What do you expect the immediate effect of this law to be on worldwide businesses?

Though this is specific to companies doing business in Europe, the fact is that nearly all companies are global in some nature and many likely have a touchpoint with Europe. This means that most businesses will be affected by GDPR. The immediate impact will be felt to those companies suffering a data breach or hack, as there could be significant fines incurred. No one knows exactly how strictly the laws will be enforced right away, but it’s safe to say that this will have a huge impact on the way businesses think about security.

2)  How will this affect blockchain companies?

The very nature  of blockchain is immutability. It’s impossible to remove information from the blockchain; thats what makes it so valuable as a technology. The fact that GDPR allows people to ask their information to be removed is troubling, because then entire records could be erased as if they never existed.

3)  Will other countries watch this and enact similar laws?

Perhaps, but I do feel that some countries that are more progressive will realize the purpose of the underlying technology and may exempt blockchain from these laws; I strongly believe any other scenario would stifle innovation.

 James Grundvig, Founder & COO of Myntum,  which provides a blockchain-based digital vault that secures critical digital assets, making accessible to the ‘99 percenters’ what was once exclusively the domain of the wealthy.

1) What do you expect the immediate effect of this law to be on worldwide businesses?

GDPR will bring with it a sea change in business processes. It will impact not only local and foreign companies operating in Europe, but also how EU citizens and their data will be treated outside the territory.

In February, 2.4 million Google users had filed their requests for the “right to be forgotten.” As a result, Google has a dedicated team of three-dozen employees working full time on this new wrinkle for doing business in Europe. 

These preemptive measures are just the start of a major transformation for companies. It will produce major headaches for those who don’t comply or take data processing and filling in the new role of data protection officer (DPO) seriously.

What will the immediate effect of the law be both in Europe and globally? Most companies will be exposed with delays in implanting compliance and safeguards toward the new rules.

Others will somewhat comply, still others will take a wait and see approach to what happens to other transgressors. Will the GDPR Commission make examples and heavily fine some corporations? Or will they help businesses with complying?

2) How will this affect blockchain companies?

In a recent Gartner survey, in which 293 CIOs were interviewed, only 1 percent of the companies had implemented blockchain into their business operations, while it revealed a “scarcity of blockchain deployments” elsewhere across most sectors. Perhaps the irony of that discovery is how blockchain will enhanced and streamline operations, reducing human error and driving efficiencies throughout business units. 

Blockchain will serve to underwrite how businesses incorporate GDPR and track compliance

3) Will other countries watch this and enact similar laws?

With Dublin, Ireland, being the technology hub of Europe, home to several U.S. tech giants, from Facebook and Google, to Apple, Amazon, and Microsoft adjustments to the new rules with onerous penalties have already taken place.

The E.U.’s attempt to give robust rights to users, including data protection, privacy, and consent has also empowered software companies, such as Tieto of Norway, to work with the European Commission on developing a true informed consent platform for people to share—or not—their health records with research scientists.

Also, the US Congress just passed the Consolidation Appropriations Act (H.R. 1625), stuffing the 32-page Cloud Act inside with a lot of “pork” projects.  

Hayel Abbassi, Controller of Paxful, a peer-to-peer Bitcoin marketplace:

1)  What do you expect the immediate effect of GDPR to be on worldwide businesses?

It is likely that worldwide business will become more transparent for customers whose data is stored on digital platforms. Customers will have a much better idea as to what data is collected, who this data is shared with, and why it was collected in the first place. This will lead to customers considering which businesses are acceptable to work with, and which should be avoided. Online platforms will be held accountable by customers, business partners and EU regulators. Under GDPR regulations, all businesses that are involved with others in the EU have a legal responsibility now to monitor their partners and ensure compliance. If one business you work with suffers a breach of your customer’s data, you will be held equally responsible for that data breach, resulting in a more selective process. Overall, there will be a cleansing effect on internet businesses in regards to data controls.

2)  How will this affect blockchain companies?

The heart of businesses that deal with digital currencies and cryptographic technologies is data. Bitcoin, for example, is money represented as data. Companies in the industry who handle customer’s digital assets and transaction data will be looked at differently than companies that handle social media data. Transaction data and exchange data is valued differently than social media data. In my experience, companies in this industry are filled with highly technical people who fundamentally care about privacy. A lot of projects and business in this industry are privacy minded, so they should be followed by example.

3)  Will other jurisdictions watch this and enact similar laws?

I’m sure some jurisdictions will enact similar laws, but I wouldn’t be surprised to see some explicit differentiation. For example, the GDPR document is overall vague and overreaching. This will likely be iterated on should the United States pass similar regulation. I would like to see more clarity and understanding for our specific business. There are mainly different types of data that are covered under GDPR, all under the label of “sensitive data.”

It’s important to note that this regulation intends to create more clarity for customers, so I believe the European Union owes businesses in their jurisdiction more clarity on their responsibilities.