decentralized-id.github.io/_posts/2019-03-01-gdpr.md
2020-01-05 23:54:47 -05:00

7.5 KiB
Raw Blame History

title layout classes toc permalink canonical_url redirect_from categories tags last_modified_at
The General Data Protection Regulation (GDPR) of the European Union single wide false regulation/gdpr/ https://decentralized-id.com/regulation/gdpr/
gdpr
gdpr/
Literature
Regulation
GDPR
2020-01-05

The General Data Protection Regulation (GDPR) is a privacy regulation enacted May 2018, effecting anyone processing the data of EU residents.

Is Self-Sovereign Identity the ultimate GDPR compliance tool? [1] [2] [3] GDPR - A reflection on the 'self-sovereign identity' and the Blockchain Digital Identity Management in the Context of GDPR & Sovrin

EU Blockchain Observatory and Forum Report Blockchain and Identity

Section 19: Decentralised identity and the European regulatory landscape

  • IDENTITY AND THE GDPR

    An identity framework will need to work within such GDPR principles as data minimisation, purpose limitation and storage limitation. It will also have to deal with many of the rights that data subjects have under the GDPR, among them the well-known right to erasure (right to be forgotten), right of access and rights related to the automated processing of data. The GDPR also lays down clear responsibilities for data controllers and processors that will certainly need to be taken into account as well.

  • EIDAS: A PAN-EUROPEAN NATIONAL IDENTITY STANDARD

    Perhaps the most important regulation dealing with identity in the EU is eIDAS, an EU regulation and a set of standards for electronic identification and trust services for electronic transactions in the European Single Market. This regulation will have a deep impact on the decentralised identity framework, above all as it pertains to government-issued/recognised identity credentials, and so is worth a closer look.

Resources

Privacy by Design

Privacy by Design means that privacy should be considered from the very beginning, when designing a product. Article 25 of the GDPR requires “data protection by design; data controllers must put technical and organisational measures such as pseudonymisation in placeto minimise personal data processing.”

Privacy Impact Assesment

Article 35 describes “a process which assists organizations in identifying and minimizing the privacy risks of new projects or policies” called a Privacy Impact Assessment (PIA),

Blockchain and GDPR

Checklists

  • GDPR Checklist for Websites & Mobile Applications
  • GDPR Checklist
  • GDPR Expert - information on each article, for different countries in the EU.
    • the corresponding provision in the (former) Directive;
    • the corresponding provision in the country you have selected;
    • an analysis of the "Existing position";
    • an analysis of the "Future position";
    • an analysis of "Potential issues";
    • the first and second proposals of EU Regulation;
    • the relevant recital(s).

Frameworks