GDPR and Blockchain
With Process automation, artificial intelligence and cloud-based technologies transforming the accountancy industry, Blockchain has emerged as the most promising but also the one least understood technologies.
Blockchain can enhance operations and efficiency due to its two main selling points.
Firstly, its decentralized system with its multi-server approach makes it almost impossible to hack. The other USP is the fact that blockchain indelibly records each stage of a transaction which allows uniquely identifiable users great security for their data thereby driving accountability, trust, and transparency. In business, this can help overcome fraudulent activity as the records cannot be altered as seen with traditional forms of data storage.
How does it affect accountancy?
With auditing fraud, the biggest issue the accountancy industry is facing, a better system with blockchain technology can be implemented.
The advantage of decentralized databases could also be a downfall when it comes to General Data Protection Regulation (GDPR) compliance. The block structure permanently timestamps and stores exchanges of value, preventing anyone from altering the ledger.
Does this present a flaw?
On paper, essential rights like the right to be forgotten and the right to rectification under the GDPR are in direct conflict with how blockchain operates.
Although firms will need to combat common issues such as sourcing relevant data across multiple servers, deleting data permanently should be a task that firms can react to.
However, for blockchain technology, whose whole premise is built on the fact that records cannot be changed; does this put it at odds with the GDPR? The decentralized system based on a chain multiple nodal ledger formats will pose significant logistical problems and deleting information would be a challenging particularly in a publicly operated blockchain.
What’s the answer then?
A solution is for blockchain to overhaul platform operations, with an implementation of a centralized back-end system that would enable data to be anonymized without breaking any chains.
While it does seem that the GDPR and blockchain are on a collision course, there are other legal arguments which need addressing.
The broader legal issue here is that GDPR centers on data controllers and the requirement of legitimate and fair processing of data but in this case, blockchain is not the controller or processor, it is the application. So, the argument needs to focus on the companies who control and process the data. Firms that operate private blockchains control its implementation and utilization so that data responsibilities would lie with them.
GDPR and blockchain do not work in perfect harmony; legally they are not entirely at odds. GDPR will require several iterations not only to include new technologies (Artificial Intelligence for example) but also to address loopholes.
Blockchain recording systems can help firms remain compliant and make it easier for auditors to step in and if implemented correctly it would provide a much more robust solution that should be able to prevent frauds or make their detection more likely.