ShoCard, a leading blockchain-based identity management system (IMS), today announces its technology meets the European Union’s (EU) new regulatory framework for data, known as the General Data Protection Regulation (GDPR), “Privacy by Design” standards. The IMS removes the necessity for authentication data to be stored on organization databases. Instead, it is stored completely on the user’s mobile device, secured with their private key and shared via the blockchain. Affected EU-based companies, as well as U.S.-based and other foreign-based companies, processing or holding the personal data of persons residing in the EU, no matter where they are located or where its data is processed within the region, are expected to have GDPR compliant solutions in place ahead of the legislation’s enforcement date of May 25, 2018.
With user privacy at the core of ShoCard’s value proposition, ShoCard solutions meet “Privacy by Design” standards. ShoCard’s IMS platform gives users control over their data and helps companies comply with GDPR by allowing companies to authenticate users without storing their authentication personally identifiable information (PII) data. By using the blockchain as a source of validation, ShoCard solutions protect a user’s privacy, as the original data can never by reverse engineered. It can only be used, with the user’s permission, to independently identify the authenticity of the user.
“The problem with merely encrypting data is that it’s not secure enough to be a full solution to GDPR and data privacy requirements. If the key to the encrypted data is ever found, then it can be accessed by hackers,” said Armin Ebrahimi, CEO and founder of ShoCard. “IMSs using blockchain technology, like ShoCard’s solutions, remove the need to store PII at all, which circumvents the necessity of large, vulnerable databases and meets GDPR requirements.”
In addition, using the platform ultimately reduces requests to access, erase and correct user data, as the data is not stored on company databases. Organizations also obtain definitive proof of consent for permission-based user data. ShoCard solutions facilitate permission-based access of information by giving users control of the sharing of their data, leaving an audit trail of consent on the blockchain. The user can remove that consent at any time, satisfying the GDPR’s right to erasure.