Blockchain and the GDPR: Can the conflicts be resolved?

By Melanie Brown

Melanie Brown (m.brown@blackdogrisk.com) is a Regulatory Compliance Attorney and President and Consultant for Black Dog Risk Solutions LLC in Rio Rancho, New Mexico, USA.

Innovating processes, procedures, and performance can make a significant impact on compliance initiatives. By incorporating technology in a compliance program, a business can increase efficiency, applicability, reliability, and, overall, corporate responsibility. This article will explain the concept of “blockchain” and consider the implications of recent privacy law developments such as the European Union (EU) General Data Protection Regulation[1] (GDPR) on the use of blockchain technology.

What is blockchain?

One technological advancement that can positively affect an internal compliance program is the use of blockchain technology. For non-techies, blockchain is distributed ledger technology that digitally stores or moves data between parties to a business transaction. Putting it simply, blockchain securely records each new transaction or data to a ledger. As new transactions occur, they are stored in a “block.” The sequencing of the transactions grows as each additional transaction occurs, creating an irreversible and immutable “chain,” ergo, blockchain.

Blockchain is an immutable and irreversible distributed ledger because all data or transactions recorded to the ledger cannot be changed, amended, or edited. Therefore, when parties make modifications to data or transactions, they will be appended to the chain. Certain known or identified parties to the transaction are invited to private blockchains to access transaction information, or in some cases, the transactions are public blockchains, where transactions are decentralized and parties have little to no knowledge of each other. Blockchain uses public and private encryption keys to protect the integrity of the transaction data, manage party access, and provide transparency.[2]

Blockchain is being used in several industries. From the retail to the music industry, companies are implementing blockchain. It reduces time and money by eliminating the use of third-party middlemen and increases security with the use of encryption. The transactions are distributed smoothly among parties.

How is blockchain associated with an internal compliance program, and what complications does it create? Well, consider this:

  • In a global company that imports and exports, international trade law and US federal law require a series of steps to comply with regulations. To ensure these steps are appropriately taken, the transaction can be added to the blockchain. For example, the import/export industry is still heavily paper driven. Shipments, certifications, and clearance processes that require a paper trail can be digitally driven in blockchain.

  • In a financial audit, due to federal regulations like the Sarbanes-Oxley Act[3] (SOX), the audit process could be maintained in blockchain as an electronic paper trail. The blockchain would securely record each document, errors, and conclusions as part of the audit. It can also provide transparency in real time. Because blockchains are highly secured, they could potentially meet the security standards of auditing requirements. Blockchains could also facilitate SOX sections 302 (Corporate responsibility for financial reports), 404 (Management assessment of internal controls), and 409 (Real time issue disclosures).

  • During contract negotiations, compliance personnel want to ensure that certain terms and conditions are included in the final contract. The various versions of the contract can be included in blockchain. Each new revision is a new transaction to the chain. The blockchain tracks which party accesses the contract and what changes were made when the edited version is placed on-chain. Final execution of the contract is memorialized by the signatures stored to the blockchain.

Blockchain can be used in other areas that require compliance, such as supply chain, recordkeeping, and even the onboarding of new employees.

This document is only available to members. Please log in or become a member.
Become a Member Login
 


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field

First name field cannot be blank!
Last name field cannot be blank!
We will send you an email that will give you access to this entire article.
Email field cannot be blank!
Enter a valid email!
Company field cannot be blank!
Enter a valid company!
Title field cannot be blank!

We're committed to your privacy. The Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA) uses the information you provide us to contact you about our relevant content, products, and services. For more information, check out our Privacy Policy.


About SCCE

The Society of Corporate Compliance and Ethics (SCCE) is a non-profit, member-based professional association. SCCE supports our members' work with education, news, and discussion forums. We are a community of leaders, defining and shaping the corporate compliance environment across a wide range of industries and geographic regions. In developing and maintaining effective ethics and compliance programs, our members strengthen and protect their companies.

952.933.4977

About HCCA

The Health Care Compliance Association (HCCA), is a 501(c)6 non-profit, member-based professional association. HCCA was established in 1996 and is headquartered in Minneapolis, MN. We provide training, certification, and other resources to over 10,000 members. Our members include compliance officers and staff from a wide range of organizations, including hospitals, research facilities, clinics and technology service providers.

952.988.0141

Facebook Twitter LinkedIn
Copyright © 2024 by Society of Corporate Compliance and Ethics (SCCE) & Health Care Compliance Association (HCCA). No claim to original US Government works. All rights reserved. All information provided through this site, including without limitation all information such as the “look and feel” of the site, data files, graphics, text, photographs, drawings, logos, images, sounds, music, video or audio files on this site, is owned and/or licensed by SCCE & HCCA or its suppliers and is subject to United States and international copyright, trademark and other intellectual property laws. Any third party logos and/or content provided herein is owned by such third parties and is used by permission herein. Your use of this site to is subject to our Terms Of Use and Privacy Statement.
Cookie settings