A blockchain is a series of blocks of data that
are linked together by a cryptographic hash.
Each block of data in the chain includes a hash
of the previous block. Because the previous
block in the chain includes a hash of the block
before that one (and so on back to the first
block), the blocks form a continuous chain.
The hash stored in each block of the chain operates like
a fingerprint of the previous block. It is possible to run
the hash function over the previous block to confirm
that it generates the correct hash. If the previous block is
changed in any way, it will not generate the correct hash
and the chain will be broken. Therefore, the data of any
block in the chain cannot be modified without changing
the hash of every block that comes after it in the chain.
Separately, there is the concept of a distributed ledger.
A distributed ledger is a database that is stored separately
and maintained independently yet synchronously by a
consensus mechanism, across multiple points (nodes)
on a network. Most, but not all, distributed ledgers are
implemented using a type of blockchain.
While the concepts of a "blockchain" and a "distributed
ledger" are distinct, in this paper we use the term
"blockchain" to refer to a distributed ledger which is
implemented using blockchain technology.
Where a distributed ledger is implemented as a blockchain,
each copy of the blockchain serves as a copy of the ledger
and multiple nodes on the network will each have a copy
of the blockchain. This means that where one copy of the
blockchain is modified, everyone else with a copy of the
blockchain (i.e. every other node on the distributed ledger
network) can detect that modification, because the hash
of the latest block of the modified chain will be different
to that of the latest block of their own chain.
The ultimate source of truth (the true ledger) is the ledger
recorded by the blockchain as maintained by a majority
of the nodes on the network. It is therefore generally only
possible to modify a ledger by having that majority of the
nodes adopt the modified blockchain. The greater the
number of nodes, the more difficult it would generally
be for anyone to modify the blockchain maintained by
a majority of them, and therefore modify the ledger.
So, once included in a blockchain, data is generally
immutable: it cannot be changed and it cannot be deleted
(at least not in the traditional sense of the word).
It is this aspect of blockchain technology that most
obviously runs against the aims of the GDPR, which has
individuals' rights to correct and delete their own personal
data at its very core. Detailed analysis of the interplay
between the GDPR and blockchain technology follows in
section 4 and section 5.
GDPR and the Blockchain I 11