Applied Research

How to benefit from Blockchain solutions and respect EU privacy laws

Blockchain and Distributed Ledger Technologies (DLT) have emerged as an effective enterprise transformation tool. They provide capabilities beyond traditional databases to share data and manage workflow throughout an enterprise and across its ecosystem of customers, partners and suppliers in a trusted manner without central control.

As with many exciting new technologies, the hype surrounding Blockchain has been extreme and prompted a tidal wave of company experimentation that has proven one thing: Blockchain is not a good fit for all applications, but for some, it is an exceptional fit. It is our belief that many supply chain operations belong in the exceptional category. The Center for Global Enterprise’s (CGE) Digital Supply Chain Institute’s (DSCI) research has shown that with proper selection of use-cases, tremendous benefits can be realized.

Blockchain for the enterprise is a specialized workflow automation tool that when applied properly is a powerful cross-enterprise transformation instrument. However, our research has shown that success stories remain elusive because of difficulties in forming the Blockchain ecosystem or network, determining network and data governance, and complying with government data regulations. It is this last element that forms the basis of this paper.

Many commentators have written that GDPR and Blockchain technology are fundamentally incompatible. This paper was prompted by DSCI members who saw this as a clear inhibitor to Blockchain adoption and asked for our view. We enlisted the intellectual property, technology and data protection practices of Cravath, Swaine & Moore and Slaughter and May, two leading international law firms, to better define the opportunities and challenges as the new law applies to this nascent technology. This paper is an abridged version of the full paper “March of the blocks: GDPR and the blockchain” written by the same parties.

Other countries will, undoubtedly, adopt regulations similar to GDPR and hence businesses are unlikely to avoid privacy compliance issues in the future. We also want to emphasize that the GDPR is a pressing concern not just for B2C companies, as the evolution of supply chains in a digital economy is increasingly making B2C and B2B distinctions irrelevant. We also note that a simple signature on a purchase order can be subject to the regulation, making it relevant to all businesses.

In this paper, we focus on GDPR compliance in a Blockchain network. We will examine the power and efficiencies Blockchain brings to the shipping industry and examine the compliance challenges created by GDPR. We conclude that GDPR and Blockchain can happily coexist and provide a framework for addressing GDPR compliance in a Blockchain network.