DNVGL.se

New technologies vs. personal data protection – help or hazard?

Blockchain_newtechnology_banner-article_insight3.png

The recent Viewpoint survey on personal data protection shows clearly that companies are currently in a state of confusion with regard to the impact that new technologies, such as for example blockchain, has on personal data protection.

The recent Viewpoint survey on personal data protection shows clearly that companies are currently in a state of confusion with regard to the impact that new technologies, such as for example blockchain, has on personal data protection. Some see the glass half full and believe that technology will bring new ways of protecting and controlling our personal data, while others are sceptical and worry about the potential risks that the technology will inherently bring non-compliant situations. The majority has no opinion at all, which is not surprising, given the complexity of the topic. Answers are bound to come, through additional legislation and regulations and guidance documents by the relevant authorities.


Lowering The Risk  

For organisations using blockchain technology projects that require personal data, the risk picture remains a grey zone, but mitigation measures can help: 

  • Minimize personal data to what is necessary in connection with the project objectives;
  • Include appropriate liability limitations and risk transfer mechanisms in agreements with involved technology providers;
  • Ensure that information, guidelines and disclaimers are provided to developers and users on how personal data is treated (e.g. which data can remain off-chain without jeopardizing the project objectives);
  • Monitor development of technical possibilities and measures on a continuous basis (e.g. hashing algorithms applied). Keep up-to-date with all regulatory developments impacting the level of risk.
  • Share insights and recommendations with the technology community to positively impact data protection awareness, challenges and pitfalls. Inform ecosystem participants about their roles and responsibilities under GDPR.
Let’s use a couple of examples to illustrate the current challenges.