The General Data Protection Regulation (GDPR) was thought to exist only in writing when it was agreed upon in 2016 and became active in 2018. Now, its effects are being felt in the same backyard where it was created. British Airways is the first to feel the pinch after it was fined approximately $230 million, which roughly translate to 1.5 percent of its revenue.
According to British authorities, and as reported by the New York Times:
“Poor security at the airline allowed hackers to divert about 500,000 customers visiting the British Airways last summer to a fraudulent site where names, addresses, login information, payment card details, travel bookings, and other data were taken.”
What Is GDPR, And Who Is Affected?
The General Data Protection Regulation is a set of rules put together by the European Commission with the contribution of 28 countries in the European Union (EU). The rules aim at introducing a standardized way of interacting with consumer data in Europe. However, the rules also apply to companies outside Europe but which interact with consumers from Europe. Notably, the rules do not apply on a business to business level.
The regulations are meant to give consumers in
Europe more control over their data held by businesses. The rules define how
personal data should be safeguarded right from handling, capture, storage, and
sharing, regardless of whether the information pertains to employees or
Interestingly, the GDPR gives consumers the
power to request companies to delete their personal information if the purpose
for which it was collected has been achieved. Failure to comply with the
regulations attracts a fine of up to 4 percent of a company’s annual turnover.
Unfortunately, although the GDPR is meant to safeguard consumers’ private data, its implementation depicts that British authorities are yet to take user privacy with the seriousness it requires. In the case of British Airways, a 1.5 percent fine is very little and does not necessary encourage other companies to re-look their data protection procedures. Blockchain technology, on the other hand, offers better terms and puts the security and privacy of user data on the front-line.
Blockchain Helps to Safeguard Consumer Data Better Than GDPR
With blockchain technology, consumers have a
safe vault for their private information. Additionally, it is capable of
offering a way out for European businesses seeking to offer enhanced data
security and or privacy under better terms than those defined by the GDPR.
For example, unlike in centralized systems,
blockchain stores data in multiple devices. As such, there is no single point
of failure. Consequently, it becomes hard to hack into the system.
Additionally, blockchain technology gives consumers power over their data.
To enable individual access, each blockchain
user has a unique private key that helps them to interact with their data.
For businesses to take advantage of the powers presented by blockchain technology, they can encourage consumers to store their data on the blockchain then interface the technology with various payment systems among other platforms.
Privacy wise, researchers at MIT are already
working on a solution that would introduce private or secret contracts on top
of the current smart contracts. Although smart contracts have been widely used,
they can be analyzed.
Fortunately, with secret contracts, users will be able to “maintain
control over personal data, particularly through preventing its monetization or
analysis by platforms.”
Blockchain and other distributed ledger technologies are already in use. For instance, Estonia has migrated its citizens’ data onto a distributed ledger platform. Also, Singapore and Illinois have embraced a blockchain-based system in the birth registry and interaction of government services, respectively.