GDPR may well kill enterprise blockchain databases

The secure ledger technology sounds like a godsend for all sorts of databases—until you examine how GDPR’s PII management gets in the way

Become An Insider

Sign up now and get FREE access to hundreds of Insider articles, guides, reviews, interviews, blogs, and other premium content. Learn more.

Tech manias always end, often with a whimper, but sometimes with a hard slap in face.

The current blockchain frenzy seems to be on the verge of a rude awakening. The core issue is not whether the technology can address the myriad issues  surrounding its performance, scalability, security, and flexibility. Rather, it concerns whether its fundamental architecture—that of a shared, distributed, and immutable recordkeeping system—can pass muster with regulators in the European Union (EU).

Companies everywhere are racing to comply with the EU’s General Data Protection Regulation when it goes into full effect on May 25, 2018. GDPR will have a major impact on how global enterprises store, share, and use customer data. It is a legal framework for managing personally identifiable information (PII) of the residents of EU member nations. The regulation applies to any company holding such information, even those based in the US and other non-EU nations. The regulation requires that organizations that hold such data give individuals the right to request that it be deleted, corrected, and withheld from uses to which they haven’t consented.

The hard reality is that GDPR will impose significant financial penalties —fines up to €20 million or 4 percent of global revenues, whichever is higher—for failure to provide EU citizens with the rights to delete and correct their PII.

If you’re even remotely familiar with blockchain, you know that the GDPR requirements run contrary to its core architecture. A blockchain is an unchangeable historical record that’s distributed across many computers. This means that once a record is written to a blockchain, it can’t easily or feasibly be deleted or altered. One observer refers to this as “CRAB” (create, read, append, burn), in contrast to the “CRUD”  (create, read, update, delete) architecture of the typical transactional database.

How to think about GDPR in enterprise blockchain deployments

To continue reading this article register now