On GDPR Day, a Blockchain Solution


As new EU regulations come into force today, to protect its citizens’ personal data and presenting a major compliance headache for companies worldwide, a blockchain solution, GDPR Edge, has been proffered by IntraEdge, in collaboration with technology leaders Intel and Microsoft and accountants BDO USA.

The EU’s General Data Protection Regulation (GDPR) comes into force today (May 25), which provides a wide range of rights and protections for EU citizens’ personal information, while imposing heavy fines for any companies that don’t comply. With extra-territorial scope, companies outside of the EU are subject to its requirements if they hold data on EU citizens and face potential fines of EURO 20 million or 4 percent of annual turnover if greater.

According to a press release Wednesday, GDPR Edge is a blockchain solution for the GDPR regulations. It is powered by Intel Software Guard Extensions (SGX) designed to increase the security of application code and data.

The release states that BDO is the first organization to integrate GDPR Edge into its governance, risk, and compliance advisory services and Microsoft has joined in promoting the technology partnership and product launch. GDPR Edge uses Hyperledger Sawtooth’s distributed ledger technology to enable trusted governing parties to keep accurate records, while providing consumer access and transparency.

The companies say that GDPR Edge is geared toward complex environments with an array of data sources, customer touch points, and multi-point-of-sale (POS) systems, often found in retail, hospitality and technology industries. The system enables organizations to view disparate transactional data in a centralized location and provides an external consent mechanism for consumers.

The solution also helps support the rights of data subjects, a fundamental requirement of the new regulation, the statement claims. An easy-to-use portal allows individual data subjects to review their collected personal information, modify it, or request its removal. If the user makes an update to their personal information within the portal, it kicks off a series of automated workflows on the back-end that record those changes and then communicates confirmation that the requested changes have been made back to the individual.

“This centralized repository can be made available to data protection authorities, auditors and data governance professionals, as well as any other data collector or processor, meaning increased accountability, information transparency, accuracy, efficiency and auditability,” said Stephanie Giammarco, Partner and National Leader of BDO’s Technology and Business Transformation Services practice in the statement. “Sweeping regulation calls for a stepped-up approach to information management, and we’re excited to couple this tool with BDO’s extensive governance, risk and compliance capabilities to provide clients with a suite of GDPR compliance services.”

Microsoft has partnered in positioning the technology to enterprise adopters. This includes leveraging its Azure platform and Business Intelligence offerings to transform the GDPR requirements into an enterprise value extension for Microsoft clients.

“The value of the GDPR Edge platform as it pertains to the changing regulatory environment and the importance of privacy within the global landscape cannot be overstated,” said Chris Dieringer of Microsoft, US Retail and CPG Industry Practice Leader. “This has been made clear by the market’s response to this unique, practical application of blockchain technology which operationalizes GDPR compliance.”