Since the 25th May of 2018, the General Data Protection Regulation is implemented in France and in the European Union. These regulations aim to establish a certain frame towards the use of personal datas, thanks to the creation of new rights for the users. Among all these rights we can state : the right to information (inform an individual about the use of its personal data), the access right (the possibility for an individual to ask informations about processing personal data) and the right to oblivion (the possibility for an individual to request the data erasure).
From these rights, many obligations arise for the companies. These obligations are recalled in this document written by the Freedoms and Computer Correspondent of the CNRS. In this article, we have identified the obligations that can be processed by the use of the Blockchain as a “virtual notary” to certify data or digital files.
In order to understand the Blockchain authentication and the following points, you can start reading our previous article about the 5 questions to understand Blockchain certification.
1/ Evidence of the user consent
Using the Blockchain to create evidence of the user consent is the simplest use to put in place within companies. The objective is to create a proof of authenticity everytime the user consent is registered by a company. The Blockchain technology is very interesting in this case in order to dispose of a proof of integrity, time stamped and tamper-proof. This way a company can prove the user consent, by bringing the authentication certificate in front of a judge.
2/ Register of processing operations
By essence, the Blockchain is a decentralized record keeping system. This means that data isn’t stored on a unique server but duplicated on many different ones. Thus, the data registered on the Blockchain is immutable, it can’t be altered or erased afterwards.
When it comes to personal data, the data has to be encrypted though, so sensitive informations can’t be read by anyone. This is automatically done by the Blockchain authentication.
3/ Integrity and confidentiality of personal data
The confidentiality of personal data is defined as the protection of data so it is not open to unauthorized outsiders. The confidentiality can’t be handled on the Blockchain, so it comes to companies to put in place the suitable safety measures, necessary to the protection of personal data.
However, the integrity of data can be dealt on the Blockchain. It is the central idea of the Blockchain authentication. The purpose is to create a digital footprint for every file, and to add it on a public Blockchain such as Ethereum, Bitcoin… (DataTrust use Ethereum). Therefore, once the footprint is registered on the Blockchain, companies possess a proof of integrity related to every data.
4/ Tracking the use of personal data
This method consists of registering into a public Blockchain the use of individuals personal data. This personal data is identified by a unique hash. Everytime this personal data is utilized, the hash is registered into the Blockchain with the following informations : who used the data ? how the data was used ? in what purpose ?
Adding these informations on the Blockchain will allow time stamping them, and having a certain date linked to the use of this data.
For all these use cases, companies can use DataTrust platform, our Blockchain authentication solution of data and digital files. It permits significantly reducing the costs comparing to a centralized solution.
Companies can choose to either use DataTrust platform or implementing the DataTrust API into their existing Information Systems. In both cases, our team will help and guide you in using DataTrust.