Consumer privacy is becoming more recognized as a high priority for regulators around the world. That trend is perhaps embodied most explicitly by the European Union’s General Data Protection Regulation (GDPR), which came into effect in May, as well as California’s new state law on privacy set to come into effect in 2020.

These rules are tailored to target established companies with centralized platforms like Google and Facebook, who are now being asked to optimize their technology infrastructure to become compliant.

Blockchain technology, with its innate controls for user privacy and security, would be a natural fit to address any privacy concerns that a typical consumer would likely have. Ironically, these innate controls are in themselves a challenge for GDPR compliance. The regulation’s stipulations include the following:

Companies must gain customers’ consent before storing their data.

Companies must not collect data they don’t need from consumers to conduct their business.

In-house “controllers” of personal data are obligated to to ensure protection of user data when it is transferred to third parties.

Companies must respect a “right to be forgotten” and delete data at consumers’ request.

For a blockchain solution to work within the confines of GDPR, it must address several key questions: Who’s legally in “control” of the data on a shared ledger? How can it be taken down upon user request, considering that many ledgers are designed to be immutable? If old transaction data is transmitted on a shared ledger, does every single user have to give consent? And so on.

To help sort through these issues, Dispatch recently teamed with London-based GDPR experts Z/Yen and Lily Innovation to explain how distributed ledgers can address GDPR challenges, and in particular how the technical and policy features of the Dispatch ledger and its associated Dispatch Artifact Network (DAN) are designed to address and minimize those challenges:

Our innovative consensus algorithm, Delegated Asynchronous Proof of Stake, results in less data being written to the shared ledger than might occur on other DLT platforms. This greatly reduces concerns about storing unnecessary data.

The storage of enterprise data offline in our Dispatch Artifact Network helps to clarify who is in control of that information.

The roles assigned to nodes on the Dispatch network, and their relationship to the DAN also help to mitigate concerns about data custody.

Developers of distributed applications that use the DAN have a high degree of control and transparency over what data is and isn’t stored there.

All these features will help developers on the Dispatch platform build dApps with high confidence that they won’t run afoul of GDPR. We realize that’s no small concern, considering the penalties for noncompliance include fines of up to €20m or 4% of a company’s total worldwide annual revenue.

For fuller details about the Dispatch platform’s GDPR compliance, download our dedicated GDPR paper.