Blockchain, the GDPR and what accounting professionals need to know

One could say, in all objectivity, that following the 2017 buzz, excitement and hype around cryptocurrencies and blockchain technology, 2018 appears to be the year that digital information, blockchain and the digitization of data are going mainstream. Cutting through the buzz and excitement that surrounds blockchain — just like every other new technology option that enters the marketplace — can be challenging even in the most stable of business environments. As investments in blockchain projects and initiatives continue to increase to the tens of billions, taking a look at the broader environment, including pending regulation, is essential.

Blockchain has tremendous potential, is currently being implemented in a variety of industries including financial services organizations, and will continue to lead paradigm shifts for individuals and organizations, but one potential stumbling block linked to blockchain may have been overlooked in the excitement and buzz. One of the primary benefits of blockchain technology is that the information uploaded, verified and stored on the blockchain platform is immediately available to all network members. Especially as it pertains to financial information, this represents a leap forward in efficiency, but it also potentially opens the door to costly data breaches and hacks.

If information is permanently stored on a blockchain and accessible to all members of the network, this allows organizations to generate operational and advertising opportunities based on this information, which may create a situation where some blockchain implementations result in violations of the General Data Protection Regulation (GDPR). Put another way, do the core functionalities of blockchain technology create situations where many of the opportunities connected to blockchain will, ultimately, be constrained as regulators catch up to this technology? Especially for accounting and finance professionals, who manage, analyze and report information on a continuous basis, understanding the intersection between GDPR, blockchain and accounting services is critically important.

As financial services firms invest billions in blockchain technologies, there are two questions that need to be addressed: (1) What are the core elements of GDPR? (2) How will GDPR impact accounting and finance blockchain projects? Let’s take a look at each one.

What exactly is the GDPR?

Taking a step back and analyzing the GDPR roll-out, several key elements appear to form the core of what is driving this regulation, especially for global finance:

  • It is global in nature: Although the regulation was developed in the European Union and covers the information of individuals residing in the European Union (EU), the processing of that data can occur anywhere. Put another way, if an organization has any contact with an EU resident's information, it is subject to GDPR.
  • The GDPR is more than just words: Any regulations may sound good on paper, but without proper enforcement and penalization mechanisms, may be difficult to enforce over time. With a maximum penalty of 4 percent of annual turnover (sales) applicable for organizations that violate core components of this legislation, in addition to tiered penalties for other violations, it appears the GDPR does have deterrent power.
  • Transparency and communication are core: An issue that has repeatedly been brought to light, especially when it comes to consumer data and information, is that disclosures are not readily understandable. Complex legalese, settings and options that are not easily accessible, and a lack of clarity as to what exactly happens to information are issues virtually every organization is facing. GDPR mandates that other consumer rights be enshrined into law — including easy-to-read and concise language provided for users, the right to be forgotten, the appointment of data protection officers and the right to access.

GDPR and accounting

Upon initial analysis, accounting and finance firms might seem not to be covered by GDPR but, drilling down, the finance and accounting of payment processing will certainly be impacted by GDPR. Information is the lifeblood of accounting and finance, and the free sharing of data drives much of the accounting, finance and banking landscape.

  • Personal data is accounting data: The term personal data might simply appear to mean data collected via social media channels, but a large percentage of finance and accounting also falls under the category of personal and sensitive information. Any information that could be used to identify a customer, including banking information, credit card payments, purchase history or payment history, will fall under the GDPR.
  • Data audits will become necessary: Auditing is not something new or unfamiliar for any accounting practitioners — whether in industry or public practice — but with the implementation of GDPR, audits and other tests over data privacy procedures will eventually become standard. Leveraging existing competencies and skills, CPAs and other accounting professionals have an opportunity to help management better manage data protection, obligations and opportunities now, and in the future.
  • GDPR means opportunities and challenges: It may seem like GDPR is just another regulation for accountants to deal with, but that is an incomplete view. GDPR will also provide accountants with an opportunity to transition to a role closer to that of strategic partner. Data management, far from simply representing another compliance obligation, is a valid and realistic business opportunity that must be effectively developed, managed and maximized in an increasingly digital environment.

Accounting and finance are already in the midst of a dramatic transition and evolution thanks to blockchain technology, and GDPR will add an additional layer of complexity to be considered moving forward. That said, instead of viewing GDPR as simply a regulatory obligation, accountants and finance professionals should emphasize and leverage the opportunities being created by the standardization and rule setting embedded in the GDPR.

From time to time, we invite industry thought leaders and academic experts to share their opinions and insights on current trends in blockchain to the Blockchain Unleashed blog. The opinions in these blog posts are their own, and do not necessarily reflect the views of IBM.