Latest News

Addressing data protection like GDPR and HIPAA with blockchain

Data protection finger pointing

In an age where acts like GDPR and HIPAA have brought unprecedented levels of data protection to consumers, one would rightly wonder how blockchain powered data solutions could possibly comply.

In a presentation at the Blockchain for Saudi Vision 2030 summit, Jorge Sebastião (Co-Founder of the Global Blockchain Organisation) spoke about managing, storing and accessing personal data in the fields of healthcare and human resources where users maintain the ownership of their data on an immutable and honest blockchain. 

The Global Blockchain Organisation (GBO) is an NGO that helps implement enterprises and government organisations for blockchain around the world with applications like CBDCs (Central Bank Digital Currencies).

You can watch the presentation on our YouTube channel or read the transcript below. To stay abreast of similar summits and presentations in your geographic location, bookmark our events page.

Securing all types of sensitive data

When talking about sensitive data, we’re referring to three major categories of information; HR data, healthcare data and personal data.

When we look at these three categories, blockchain actually provides tremendous utility and control. To understand this statement, it’s important to know a bit more about blockchain. 

One could look at blockchain as a new type of operating system, or OS. I usually call this Blockchain as an Operating System of Trust. Trust really means that it’s not just about ensuring that the information is valid, but also that it’s the user controlling who has access to what data.

Securing and monetising your personal data with blockchain

The primary mechanism by which blockchain ensures the validity of data and secures data access is because the data is signed by the keys of the user. By being in control of your digital wallet – whether it’s a hot, warm or cold wallet – you have full control to determine what data is accessible by whom and under which conditions. 

Having ownership of your data doesn’t only secure your privacy, but it also opens the door to monetising your data. 

The intersection between blockchain and data regulations

On one side, we have this blockchain technology that is fully trustworthy by putting the control over your data in your own hands. On the other side, we have regulations like HIPAA, the Health Insurance Portability to and Accountability Act from the USA, and GDPR, General Data Protection Regulation from the EU. These and others enforce the privacy of data records, from healthcare records to HR information, and personal data.

You can see that blockchain and data privacy are a superb match. Although each of these acts originate from a particular geography, organisations from across the world have to comply if they wish to do business or interact with these locales.

The challenge of ‘right to be forgotten’

While the two are an excellent match, there are challenges to be ironed out. One of the rights that GDPR grants individuals is something called the ‘right to be forgotten’ which means you as a user have the right to approach services to ask them, ‘Please don’t keep data about me’. 

In one way, blockchain is the very opposite as the data published thereon is kept forever, or immutable. And yet there is also a practical solution: although data cannot be erased from the blockchain, it can be hidden from public view by pruning it from the blockchain records that are searchable via block explorer services.

Blockchain for data accessibility

If we look specifically at Dubai, we have an Open Data Law that was introduced between two and three years ago. The law originated against the backdrop of census operations in countries like the USA and Canada that provides businesses access to the data they collect. Such data is seldomly available in the Middle East and definitely not in places like Africa. 

But if businesses want to do proper and accurate business plans, they need to have some data. Dubai’s Open Data Law ensures that governments and businesses share the data that is useful for statistical and business decisions, without revealing sensitive data. 

The Kingdom of Saudi Arabia is also looking at adopting some of the elements of the Open Data Law and even to improve on it.

Blockchain plays an important role in the implementation of laws like these as a technology of trust. The two go together like a symbiotic relationship where both parties benefit.

Blockchain for government

If you are interested in exploring blockchain solutions for your enterprise, we invite you to learn about BSV’s Blockchain for Enterprise Initiative

If you’d like to attend future summits, keep an eye on our BSV blockchain events page.

Scroll to Top