Editorial & Advertiser Disclosure Global Banking And Finance Review is an independent publisher which offers News, information, Analysis, Opinion, Press Releases, Reviews, Research reports covering various economies, industries, products, services and companies. The content available on globalbankingandfinance.com is sourced by a mixture of different methods which is not limited to content produced and supplied by various staff writers, journalists, freelancers, individuals, organizations, companies, PR agencies Sponsored Posts etc. The information available on this website is purely for educational and informational purposes only. We cannot guarantee the accuracy or applicability of any of the information provided at globalbankingandfinance.com with respect to your individual or personal circumstances. Please seek professional advice from a qualified professional before making any financial decisions. Globalbankingandfinance.com also links to various third party websites and we cannot guarantee the accuracy or applicability of the information provided by third party websites. Links from various articles on our site to third party websites are a mixture of non-sponsored links and sponsored links. Only a very small fraction of the links which point to external websites are affiliate links. Some of the links which you may click on our website may link to various products and services from our partners who may compensate us if you buy a service or product or fill a form or install an app. This will not incur additional cost to you. A very few articles on our website are sponsored posts or paid advertorials. These are marked as sponsored posts at the bottom of each post. For avoidance of any doubts and to make it easier for you to differentiate sponsored or non-sponsored articles or links, you may consider all articles on our site or all links to external websites as sponsored . Please note that some of the services or products which we talk about carry a high level of risk and may not be suitable for everyone. These may be complex services or products and we request the readers to consider this purely from an educational standpoint. The information provided on this website is general in nature. Global Banking & Finance Review expressly disclaims any liability without any limitation which may arise directly or indirectly from the use of such information.

How can Blockchain help financial services comply with GDPR?

The potential of traceable time for compliance and data validation

By Richard Hoptroff, Founder and CTO, Hoptroff London 

Data privacy regulations demand more than mere records in a database; we need data that can be trusted. The integration of a verifiable timestamp into blockchain adds a new dimension of security and traceability. Being sure that your time is correct, and being able to prove that, is vital when virtual events have physical outcomes for which someone must, now legally, take responsibility. In particular, we must get an individual’s permission to use their data, and then we can only use it in the manner for which they gave their permission. In data protection regulations like GDPR and PECR, proving that private data was used as agreed is vital.

A hash ledger can be used to make data immutable, and is much like blockchain, except that each entry is entered individually into the ledger by hashing it with the previous entry at the time it occurred using a local traceable clock. Time and place can be recorded in the ledger at regular intervals irrespective of digital events, to prove a ledger’s identity. Hash ledgers are only self-consistent, they are not identical to each other, so there is no proof of work burden.

Confidence of immutability is derived from the fact that hashing ensures that the sequence of events in a ledger cannot have happened in a different order; an entire ledger cannot be fabricated because it is interwoven with other ledgers. Real-world events, such as the inclusion of unpredictable data (e.g. news feeds) to prove “impossible before”, and the publication in indelible ledgers of record (e.g. advertising in print) to prove “impossible after”. Timestamps can confirm how personal data has been shared or used by telling us when, making traceable time a powerful tool to enforce data protection regulations like GDPR.

Traceable time in financial services: 

Richard Hoptroff
Richard Hoptroff

Traceable time is already readily utilised in financial services under MIFID II regulations. In financial markets, transactions must be demonstrated to be timestamped correctly, so that the sequence of events between servers, each referencing different clocks, can be confidently proven.

With the introduction of far reaching personal data regulations, a new application from traceable time could find a home in the financial industry. Financial firms can often employ several different vendors to maintain their IT infrastructure, and data must be properly managed through every one of these entities. Any sharing of data with third parties or outside the purpose for which it was given permission risks breaching regulation. Beyond this firms must be prepared to recall all the information they hold on an individual, and even prove it has been deleted, if requested by a customer under what is known as ‘the right to be forgotten’.

When an event happens on a computer that will have an effect in the real world, it must be recorded in such a way that we can audit the data to confirm when and where the digital event happened, particularly in an industry as sensitive as financial services. It must be possible to audit the digital business world in as much detail as accountants audit the physical business world today.

Precision timing can offer an additional layer of trust and traceability to data ledgers

Precision timing can ensure that accurate timing is delivered not just to the local server clock, but all the way down to the application level in the server where autonomous systems execute autonomous decisions. By using machine learning to optimise the performance of our synchronization software by enabling it to learn the common performance characteristics within the server. The internal latency of the server can be measured and recorded between when an application calls the clock for a timestamp and the timestamp is eventually delivered. This process can provide granularity measurement to ensure that each machine action will have its own traceable unique timestamp ID. This level of accuracy creates an additional layer of trust in the records of digital events and confidence that the time stamp on those events is verifiably correct.

Timestamps can validate data and location

How do you prove where digital events happened?  The answer is to turn place into time – time and space are inextricably linked.  If a server tells some of its neighbours about an event, and the round-trip time of the message is measured and ledgered, we can be confident that the event happened where the server claims it did.

Developing hash ledgers that are immutable in sequence, time and place is of utmost importance. This creates document watermarks that not only guarantee the document is genuine, but also where and when it was created. This is done by providing APIs that synchronize the clocks on participating devices to Universal Time (UTC).

Watermarking time is achieved by weaving traceable timestamps generated by these APIs into the ledger. The latency signatures between the ledgers and the edge devices they are communicating with likewise allows location to be estimated by triangulation. This all works without relying on the edge device’s clock being right. We can’t trust the edge device, but we can measure and record its clock’s offset from UTC.

Accurate time-stamping and precision timing in conjunction with blockchain offer many benefits in financial services, data protection and responsible data management. The growing importance and potential of this technology should not be underestimated. Accurate timing may even bring further benefits to financial services more broadly, knowing exactly when events happened allows us to detect their likely causes by examining the events immediately prior. For instance, in financial markets the causes of flash crashes could be identified. Precision timing has a bright future, and financial services will reap the benefits of its success.”