We take GDPR very seriously
The basics of GDPR
The General Data Protection Regulation (GDPR) is an EU legal framework that specifies how personal data of EU citizens and residents should be used and protected. Breach of compliance would see penalties of up to 4% of worldwide turnover or €20 million, whichever is higher.
GDPR and Blockchain
The data immutability characteristics of blockchain cause inherent contradictions with the new GDPR legislation. Blockchains require considerable non-trivial reinforcement of legal, security, and privacy protocols. There are not a lot of options for blockchain frameworks, and the risk is real.
VEDA for GDPR Compliance
With vital middleware built on solid cryptographic foundations in security and privacy, VEDA guarantees compliance with GDPR and a plethora of other legal and regulatory frameworks, with the means to de-risk against future changes in compliance requirements.
Why VEDA is GDPR compliant
1. Data Privacy by Design
As a self-sovereign identity platform, all data resides by design and by default with the data subject. Not only is access to data exclusively controlled by the data subject, but further control may also be exerted on the inspection side by smart contracts and digital constitutions.
2. Data Portability by Default
As a self-sovereign identity platform, all data resides by design and by default with the data subject. In fact, a data subject may even leave VEDA; a system is not a true blockchain if participants cannot enter and leave at will.
3. Complete Control over Consent and Access
As a self-sovereign identity platform, inspectors of personal data must clearly state what data is used and how it will be used, while access is easily granted or revoked by the data subject.
4. Autonomous Data Protection Officers
The role of the DPO is fulfilled by smart contracts, by consensus among notaries, or by actual notaries themselves. Provisions regarding breach notifications are enforced by smart contracts and further governed by digital constitutions.