Blockchain identity system ShoCard meets GDPR standards
ShoCard removes the need for authentication data to be stored on an organisation's databases.
Blockchain-based identity management system ShoCard is pleased to say it meets the EU's new General Data Protection Regulation (GDPR) standards.
ShoCard's identity management system (IMS) removes the necessity for authentication data to be stored on organisation databases. Instead, it is stored completely on the user's mobile device, secured with their private key and shared via the blockchain.
All companies processing or holding the personal data of persons residing in the EU, no matter where they are located or where its data is processed within the region, are expected to have GDPR compliant solutions in place ahead of the legislation's enforcement date of May 25, 2018.
ShoCard solutions meet the regulation's "Privacy by Design" standards. It allows companies to authenticate users without storing their authentication personally identifiable information (PII) data. By using the blockchain as a source of validation, the original data can never by reverse engineered, said a statement. It can only be used, with the user's permission, to independently identify the authenticity of the user.
"The problem with merely encrypting data is that it's not secure enough to be a full solution to GDPR and data privacy requirements. If the key to the encrypted data is ever found, then it can be accessed by hackers," said Armin Ebrahimi, CEO and founder of ShoCard. "IMSs using blockchain technology, like ShoCard's solutions, remove the need to store PII at all, which circumvents the necessity of large, vulnerable databases and meets GDPR requirements."
The platform also reduces requests to access, erase and correct user data, as the data is not stored on company databases. Organisations also obtain definitive proof of consent for permission-based user data. ShoCard solutions facilitate permission-based access of information by giving users control of the sharing of their data, leaving an audit trail of consent on the blockchain. The user can remove that consent at any time, satisfying the GDPR's right to erasure.