DID YOU KNOW? CREDENTIALS MANAGEMENT IS CRITICAL FOR DATA PROTECTION LAWS’ COMPLIANCE!

“We want to be compliant with the Data Protection Laws BEFORE they become mandatory”

If you are an issuer or verifier of IDs or Credentials, chances are, this has already crossed your mind. The penalties and the legal consequences of not being compliant cannot be ignored.

“Introduced in India’s parliament on December 11, 2019, Personal Data Protection Bill (DPB), sets rules to control the collection, processing, storage, usage, transfer, protection, and disclosure of personal data of Indian residents.” — Carnegie.org

“The General Data Protection Regulation (GDPR) is the toughest privacy and security law in the world. Though it was drafted and passed by the European Union (EU), it imposes obligations onto organizations anywhere, so long as they target or collect data related to people in the EU.” — GDRP.eu

“How can an issuer of credentials comply with data protection laws?”

We need to first understand that the data protection laws are not just for IDs. They cover credentials that include Employment records, University certificates, Land registry, Vehicle registry, and many more. Complying with these laws requires providing complete control and ownership of the credentials to the citizens and consenting them on its management. This is the Self Sovereign Identity (SSI) we referred to in the vID Episode#1. Vlinder Labs is helping partners implement this by using Blockchain-based Decentralized ID.

“OK! What is Blockchain and why Decentralized ID?”

Blockchain is a distributed ledger of transactional records that are immutable and easily verifiable with mathematical proof by anyone having access to the internet. A Blockchain ID uniquely identifies an entity in the Blockchain network while keeping it anonymous. The issuer and the citizen will acquire unique Blockchain IDs using Vlinder’s platform, where each ID is accompanied by a Public-Private key pair. The ID is called Decentralized because they are not controlled by any central authority. The issuer can then issue digitally signed credentials to the Citizens on Blockchain, via Public-Key Cryptography. On receiving, these credentials are digitally signed, encrypted, and stored in the citizen’s mobile wallet by Vlinder’s platform. Since each credential is digitally signed by the issuer and the citizen, no alteration in the digital credentials can occur after it is issued (as any alteration can be easily detected). These stored credentials can then be shared by the citizen with the verifiers, directly, without having to get it verified again by the issuer.

“OK. I understand how it helps to comply with Data Protection laws. How does it help the entire ecosystem? Are there any more benefits?”

Yes! There are a lot more benefits. Watch out for the next few articles to understand how Vlinder is helping the entire eco-system of Issuers, Verifiers, and Citizens in handling and managing the Credentials.