With just a matter of days until the GDPR rollout occurs across Europe, many CFOs will be well aware of the operational costs involved with staying within the law and not being at risk of huge fines. Blockchain technology could be the answer to avoiding some of the headaches, argues Alastair Johnson.
With just a matter of days until the GDPR rollout occurs across Europe, many CFOs will be well aware of the operational costs involved with staying within the law and not being at risk of huge fines.
The changes are aimed at giving individuals far greater control over the personal data they use to access online services and punishing organisations that fail to fit into this new reality. While some of the changes aren’t entirely new, others are. Additionally, the potential fines for businesses that do not store, manage or process data in line with the regulation have been scaled up to the point where they could put some out of business.
It is mainly for this reason that CFOs are taking the GDPR changes so seriously, allocating budgets for new processes and recruitment that will help mitigate the risk of being hit by penalties.
But what if blockchain technology could eliminate the costs of compliance?
Blockchain is distributed ledger technology that is being used across markets to decentralize the storage, management and processing of information. For the e-commerce heavy world that we live in today, it could give consumers the ability to hold their personal information so that it’s not stored in centralised databases that can be breached.
This sort of system could enable CFOs struggling with GDPR changes to reduce new costs, avoid heavy fines and continue doing business in a fast and convenient way.
Reducing new costs
While the fines associated with GDPR changes have made most of the headlines, organisations are only liable to pay these if something goes wrong and the Information Commissioner’s Office (ICO) decides to act.
However, the more immediate costs that will be concerning CFOs are around data audits, new processes for data management and potential new hires. One of the first things organisations need to do is audit the data they hold on customers and employees to understand what it is, how it is used and who can access it.
They will also have to review all of their data capture mechanisms to ensure they fit with the guidelines on consent. Most significantly in terms of new costs, the regulation requires the appointment of a Data Protection Officer that could well require a new specialist hire.
Blockchain technology makes many if not most of these costs unnecessary because it would enable individuals to store and control their data, sharing it anonymously and only when required for online transactions.
Without the need to store this customer data, organisations could continue transacting with customers while hugely reducing any new GDPR costs. It would still be worthwhile to understand what data was held but a blockchain-based future strategy would make the development of new GDPR processes and the hiring of specialist staff unnecessary.
Avoiding heavy fines
As mentioned, the huge potential fines that will loom large in the minds of CFOs as a result of GDPR have probably been the most talked about aspect of the new regulation. These have come about as a result of many significant data breaches across the globe over the last few years. Even though these events have affected millions of consumers, the financial punishments that have resulted have been relatively limited, with £400,000 the largest fine levied in the UK to date.
The new GDPR fines are a major step up to the maximum amount as much as €20m or 4% of turnover, whichever is greater. While these fines are likely to be levied at the worst offenders, the reality is that major data breaches like we’ve seen in the last year will still affect businesses and individuals, now with the added issue of fines. It’s therefore unsurprising that CFOs are wary of the risk posed.
With data decentralised and under the control of individuals in a blockchain network, such risks disappear. Organisations do not need to centrally store large amounts of personal data in the first place, so the risk of hackers attacking these databases and the need to respond to such attacks no longer becomes an issue.
Continuing to do business
The great advantage of such a blockchain-based environment is that little about the way people interact with organisations online needs to change.
Individuals will still be able to make the fast, convenient and mobile-based payments they are used to. Businesses will still be able to communicate with these customers where necessary – when invoicing, for example – because zero knowledge storage allows anonymised communication channels to exist. Plus, there’s the fact that this technology can help reduce the fraud and false positives that are a major transaction issue for organisations today.
Finally, some CFOs may be tempted by blockchain’s ability to help them avoid the costs of GDPR but also wary of a confrontation with marketing leads who feel a loss of data control could degrade their ability to personalise experiences. The truth is though that organisations can still tailor experiences using anonymised data that doesn’t carry the compliance issues of GDPR.
It’s totally understandable for CFOs to see the GDPR changes as a significant risk factor that needs to be mitigated via the standard steps of data audits, new processes and specialist hires. However, blockchain provides a real alternative.
While it might seem like a radical choice, the benefits of near-term cost savings without a disruption to fast, convenient, online transactions should not be overlooked.
Alastair Johsnon is CEO of Nuggets.
