GDPR, Blockchain and Malta – General Data Protection Regulation – Are you ready?

One of the key components of the GDPR is the introduction of a new EU-wide framework which will apply to every single organisation in every single member state, impacting businesses and individuals not just in Europe, but across the rest of the world as well.

At the most basic level, the GDPR provides a set of rules that are designed to give EU citizens back the control over their personal data. It also aims to simplify the existing regulations so that both individuals and businesses within the EU can benefit from the full from the digital economy.

These new reforms are designed to reflect the world we are now living in and it updates laws and obligations that have been left behind as technological advancements have marched on. Laws pertaining to personal data, privacy and consent have all been significantly updated to reflect the realities of the world that we now live in.

Table of contents:

  1. What is GDPR?
  2. Blockchain nature vs GDPR
  3. GDPR compliant blockchain solutions
  4. Malta as an EU Country
  5. Are you ready?

What is GDPR?

GDPR regulations Malta

The GDPR stands for the General Data Protection Regulation and it will come into force on the 25th of May 2018 and will be directly applicable throughout all EU Member states.

Back in January of 2012, the European Commission laid out its plans for a full and comprehensive data protection reform that would be rolled out across the whole of the European Union with the aim of preparing for the digital age.

Nearly four years later, it is almost time for the laws to come into force, but there still appears to be a lot of confusion around what they entail.

Every aspect of our lives revolves around data and every kind of company from social media platforms, to banks, to that random furniture company that sends you a newsletter every 3 months, all store our personal information and the GDPR will apply to them.

The GDPR will apply to every organisation that operates within the EU as well as any organisation that offers their goods or services to customers that are based within an EU member state.

In other words, every big business in the world that has any dealings with EU customers will have to be ready to comply with the GDPR or risk facing big fines.

The scope of the GDPR is huge and it would take a lot of time and space to go into every single nuance of it, but basically, the GDPR will enforce strict laws on how your data is collected, why it is collected, how you consented to its collection and how it is stored. It will also afford you the right for you to request that your data is either amended or removed without facing penalties such as disruption or refusal of service.

Blockchain Nature vs GDPR

Under some circumstances, the GDPR could be referred to as a Digital Declaration of Rights and whilst its terms are comprehensive and far-reaching in some respects, they have failed to take into account many of the principles of blockchain technology.

It also takes for granted some of the centralised models of digital data storage, the likes of which are now being moved onto distributed ledger technologies such as the blockchain.

Centralised models of data storage place a great importance on the assumed premise that the custodians of personal data are trustworthy and have no ulterior motives when it comes to stewarding the information.

But when we consider blockchains, we know that they were designed as a solution to the failure of many centralised authorities to honour their promise as a steward of the public trust.

As such, blockchains were created to reign in a trustless environment and to allow individuals to transact directly with each other without needing to rely on, or trust a third party intermediary in the ecosystem.

This is the reason why blockchains are not just decentralised in nature but distributed as well.

This means that none of the nodes that are involved in running a blockchain protocol acts as a supreme authority over another. Instead, the integrity of ledger transactions are mediated through cryptography and the authority is shared by all of the nodes in the network without the need to rely on humans to come to any kind of agreement.

Blockchain not only removes the need to place trust in a centralised authority, but it also creates a wall of privacy, making surveillance of transactional activity very difficult.

Nowadays, there are many different types of blockchain available in the world, but the Bitcoin blockchain was designed with the concepts of pseudonymity and minimisation of data at the core of its efforts. The blockchain records only the public key of the sender, the public key of the transaction recipient, a cryptographic hash of consent, and the date and time of the transaction.

Under the GDPR, personal data is defined as information that when pieced together can identify an individual. With the information that the blockchain uses, this is not possible so technically it does not fall under the scope of the GDPR regulations.

Of course, if one of the parties involved in the transaction decides to publicly link a public key to an identity, the information would be personal data. But as the blockchain as default does not do this, the rights of the individual using the network are protected and are also not affected by the GDPR.

Of course, this only refers to the Bitcoin blockchain. If another blockchain is harvesting more specific data from its users, then it needs to ensure its compliance with GDPR come May of this year.

GDPR Compliant Blockchain Solutions

Right now, blockchain technology is in its infancy and the various solutions and programmes that we are seeing emerge at the moment, are only the beginning of what lies ahead. The key is ensuring that whatever the functionality of the blockchain, and whatever its intended use it, it must remain compliant with the GDPR.

There is no escaping this bit of new legislation and if anything, its scope will increase and develop further as time goes on. As such blockchain companies that are already functioning, need to put some serious thought into making sure that the way their blockchain works is completely compliant with GDPR.

Those who are at whitepaper stage or even those that haven’t gone past the pipe-dream stage need to get completely up to date with the incoming legislation to ensure that they are fully compliant with every single part of the legislation.

As no part of the GDPR is optional and penalties are swift and unforgiving, all companies will have to make sure they are on the right side of the law if they want to be successful.

To create a GDPR compliant solution, the blockchain company in question would need to make some serious decisions about whether they would work on the premise of anonymity, pseudonymity, or GDPR compliant personal data collection.

In other words, would clients be required to hand over no personal information, some personal information, or all of their personal information but with the assurance that it would only be used for the intended purposes as well as complying with other parts of the law.

Malta as an EU Country

Malta GDPR regulations

Malta has been a member of the EU since 2004. A single chamber, parliamentary republic it has a prime minister and a president. With a population of just over 440,000, it is one of Europe’s smallest countries but that doesn’t mean that it should be underestimated.

Malta has been home to the flourishing iGaming industry for over a decade and during this time it has cemented its reputation as a centre of regulatory excellence and one of the most revered iGaming jurisdictions in the world.

Home to hundreds of iGaming operators and related businesses, the island has developed an extensive support network of law firms, financial services firms, FinTech companies, IT companies, and more that are all geared towards digital industries.

As such, the cryptocurrency is an industry that is beginning to make massive waves on the island and the Maltese government have recently announced three new bills that will make it one of the first jurisdictions in the world to legalise in support of cryptocurrencies and the blockchain.

The proposed legislation is designed to protect investors and companies operating within this sphere, whilst still encouraging the growth of the sector and not stifling it like some other jurisdictions have.

Of course, the GDPR will have big implications for Malta as it is an EU member state as well as being home to thousands of companies that operate throughout the EU. Right now, companies there are gearing up for the implementation of the new laws and when it comes to blockchain and cryptocurrencies it is expected that these will have also been accounted for.

The government is proposing the setting up of a specialist agency that will oversee the industry and as a part of this, GDPR obligations will form a critical part of this. Any company that is operating in Malta, be they involved in cryptocurrency or something completely different, will have to adhere to the rules and will be supervised by local authorities.

Malta is set to become a leading location for cryptocurrency enthusiasts and businesses. With glorious weather 300 days of the year, its attractive corporate taxation regime, and the impending pro-crypto legislation that is about to go through parliament, it really is a great place for people involved in crypto to consider setting up shop.

As an EU Member state, all eyes are going to be on Malta to see how it copes with its obligations to the GDPR whilst ensuring that it still supports and nurtures its burgeoning cryptocurrency industry.

As the only jurisdiction in the world that is taking truly positive steps towards regulating and encouraging the cryptocurrency market, they have the perfect opportunity to create a template of sorts and to show other jurisdictions how privacy, data protection, regulation, innovation, blockchains, and cryptocurrencies can all coexist hand in hand.

Are You Ready?

The race is now on to cross the “t’s” and dot the “i’s” when it comes to preparing for the enforcement of the GDPR.

Companies all over the country, and Europe, are scrambling to ensure that their procedures and processes are updated and in place ready to deal with this new way of doing things.

In Malta, special attention will be given to ensuring that all companies dealing with the disruptive world of cryptocurrency are in strict compliance with both local and EU laws, and blockchain developers will be working hard to work out how to continue the anonymity of the service, whilst ensuring that they are adhering to the new rules.

Read more about Malta Cryptocurrency and Blockchain Regulations.