BLOCKCHAIN and GDPR COMPLIANCE

A NEW ERA OF DATA STORAGE & PROTECTION

Gone are the days when employee private data could be kept under lock and key: data now lives in the Cloud and is accessed by current versions of the Internet. New, sophisticated means of stealing data are now available to anyone who wishes to access data illegally; hacking tools are no longer limited to professionals. Everything that has happened recently in the world of cyber security illustrates the vulnerability of private data to hacking and misuse, and reinforces the need to tighten regulations to address technology issues associated with storage and access authorisation. Blockchain technology, which applies distributed ledger and encryption techniques, represents the only way data management can be tightened, and it is only a matter of time before that is spelled out in privacy regulations. An obvious strategy for companies is to participate in the CET blockchain network to store personal data and avoid a rush later. This article describes what can be done now to set up a fully integrated operation to maintain data in multiple environments.

CHAPTER III OF GDPR & COMPLIANCE STRATEGY

In May 2018 the General Data Protection Regulation (GDPR) came into effect. The European Union (EU) document is the model for other data privacy regulations around the world.

Chapter 3 of the GDPR is about the Rights of the Data Subject, and the 11 Articles (Articles 12 to 23) deal with the processing and maintenance of personal data and advocate “conceptual” ownership and control over the data for the individual. Other chapters in the regulation mention control over data processing and who determines who can see what and for what purpose.

BLOCKCHAIN NOW ENABLES “DATA SUBJECT” OWNERSHIP of DATA

No regulation ever imposes controls that cannot be reasonably enforced, and I believe that was the case when the GDPR was drafted in the years leading up to 2018. There was no point in including how data must be stored if the capability did not exist. That happened to be a period in which enterprise blockchain technology was just emerging as a serious HR data architecture component for personal data. If the regulation were reviewed today the “conceptual” ownership of personal data (the Data Subject) would be clearly defined as “actual” ownership and unambiguously enshrined in the document. Today, because of technical capability, distributed data storage would also be contained in the legislation as the secure method for personal data storage, and that means blockchain.

LEGACY HR TECHNOLOGY COULD NEVER BE COMPLIANT WITH AN UPDATED GDPR

Today, the reality is that most HR software still hasn’t made the transition to digital technology, stores data centrally (that includes Cloud solutions using large data centres) and is monolithic by design. Companies using aging HR technology could not possibly be compliant with modern data privacy legislation. A new approach is needed to re-architect HR systems to give ownership of the personal data component to the individual. There is a solid business case to adopt the new approach based on process improvement and data quality, even if compliance were not a mandatory issue.

TRANSITIONING DATA to the BLOCKCHAIN

Then there is the issue of how data will be transitioned to the new secure blockchain platform. Compliance is a company motivator, but the workforce does not have a similar incentive at present. So, if we wait for individuals to load their private data into a blockchain, it will never happen. There must be a more pragmatic way of ensuring the mass data migration takes place. The current HR blockchain industry cannot guarantee success: almost all the emerging blockchain products are for knowledge workers and focus on credential checks and recruitment solutions. Compliance requires a fundamental change to data storage and needs to be a company initiative.

ABOUT CET’s DATA TRANSITION PLATFORM

Competitive Edge Technology (CET) has designed its blockchain application, and supporting governance network and ecosystem, around mass migration of workforce data to the new blockchain environment. Obviously, there are logistical issues, and not every workforce member (employees, freelancers, contractors, etc.) would have access to the blockchain on day one. There needs to be a period of parallel processing where data can be updated from either environment. That is where CET’s unique patented process for data transition comes into play.

A NEW HR DATA ARCHITECTURE IS REQUIRED

The result of private personal data ownership is a new HR data architecture (illustrated below) and infrastructure, including data and application integration using advanced API (Application Programming Interface) methods.

Adjusting to the new architecture will require a change in mindset for existing data custodians or data stewards. That is where the HR profession comes into play. HR are entrusted with employee data right from the start of the employment process and they are accountable for data protection: that is an implied responsibility in most countries’ current data privacy legislation. It is only after HR monolithic data structures are partitioned to enable ownership, between the employee and company, that other GDPR compliance issues, such as data retention and intended usage, can be resolved.

CET’s SUPPORTING BLOCKCHAIN ECOSYSTEM

CET offers three ways in which currently held HR data can be mass migrated to the secure blockchain environment. It also provides ecosystem support: standards definition, an apps store to better align technology to business practice, a code store to assist custom development and help make AI (Artificial Intelligence) applications more transparent by recording logic and data sources, and an installed metadata platform to track data movement for analytics, integration devices (including Internet of Things – IoT) and other sources.

CET HOSTS A PRIVATE BLOCKCHAIN NETWORK

Companies that meet governance rules and are eligible (e.g. Australian registered employer companies with an ABN number) for an invitation to the private enterprise blockchain network are given the option of simply providing current employee data in a CSV file. CET will upload the data to the blockchain and park it there until the company is ready to take control and give ownership to employees. Once uploaded, the CSV file can be destroyed. Some companies may decide that is all that is required for now, and the data would not be integrated back to the legacy HR system. Privately owned data is fairly static (names, addresses, date of birth, etc.) and could remain current for a short time or may need another upload later to refresh. The important fact is data is present in the new blockchain environment and ready to provide a company with legislative compliance status whenever it happens.

CET OFFERS A FULLY INTEGRATED CROSS-PLATFORM SOLUTION

Companies may opt for a two-way integration from the blockchain to a PaaS (Platform as a Service) Cloud application and add company data relating to position and organisation assignment. For small companies that could be used as their HR technology solution and replace spreadsheets, or whatever fragile method they are using at present to record employee information.

Companies wishing to extend their HR functionality, and build additional custom applications, can opt for a platform licence that will deliver a solution that integrates to their current HR legacy system and delivers additional features. 

For more information download a White Paper from CET expanding on this article.

More articles by John Macy (FAHRILife)