Blockchain
When using blockchain technology, there are some data protection issues which has to be clarified. ePrivacy supports companies using blockchain technology to comply with data protection regulations and checks the blockchain for its compliance with the GDPR. A certification of a blockchain with the recognized data protection seal ePrivacyseal is possible, if a product fulfills the high requirements of data protection and data security.
WHAT SETS US APART?
- Experience and Trust: We evaluate numerous innovative technologies, such as AI and blockchain, and integrate the legal component with the technical one.
- Customized Solutions: We develop pragmatic solutions tailored to the needs of our clients.
- In-depth Expertise: Our team consists of experienced data protection experts, computer scientists, and lawyers who provide you with individual and personal advice.
Assessment and Evaluation of Blockchain
- Development and Implementation of Security Policies and Protocols
- Data Protection Impact Assessment for Blockchain Technology when Personal Data is Processed
- Employee Training
- Consulting on Technical and Legal Implementation of “Privacy by Design”
- Risk Assessment and Derivation of Necessary Measures
Blockchain Certification
- Technical and Legal Assessment of the Deployed AI System
- The criteria catalog is based on the General Data Protection Regulation (GDPR) and incorporates all current court rulings, the TDDDG, as well as guidelines from the EDPB and data protection authorities.
- Confirms compliance with the ePrivacyseal criteria catalog, which includes the requirements of EU data protection law under the GDPR.
- Recognized and expertise-selected technical and legal experts
Blockchain and data protection
Compliance with data protection regulations plays a major role in the use of blockchain technology, as blockchains are generally operated globally and very often process personal data. Thus, the GDPR-compliance must also be considered as a standard for data processing. This applies to both public and privately operated blockchains.
Significant challenges of the data protection-compliant blockchain
Since blockchains are operated decentrally, a controller for data processing (e.g. participants or miners) must be defined in order to operate the blockchain privacy compliant. The implementation of the right to rectification and the right to be forgotten (Art. 16 and 17 GDPR) is one of the central points in the privacy-compliant use of a blockchain. In this context, it must be examined how data can be corrected and deleted or when and how data subjects can legally refrain from correcting and deleting their data in advance. Measures to prevent the identification of data subjects can often also be implemented. In addition, the possibility of using pseudonymisation to implement data subjects' rights and to protect them from access by third parties must be examined. In addition, the GDPR requires compliance with the following principles: privacy by design, privacy by default and data minimisation. There are approaches how these requirements can be fulfilled by a GDPR-compliant blockchain.
Possible measures to ensure the privacy-compliance of a blockchain:
- Technical solutions and specific process definitions to comply with the right to rectification and the right to be forgotten (cryptographic procedures, etc.)
- Selection of the correct data format in which the data will be stored, taking into account the principle of data minimisation (GDPR)
- Secure multi-party access
- Use of hash functions, encryptions, authentication procedures, zero-knowledge proofs, etc.
- If applicable, data protection impact assessment (according to Art. 35 GDPR)
ePrivacy supports you in implementing these measures and in designing your products and technologies in accordance with the very high requirements of the applicable data protection law. We help you and your employees to handle blockchain applications securely.
