EU Blockchain Observatory and Forum report on blockchain and GDPR

The forum in their paper report that

  • GDPR compliance is not about the technology,, it is about how the technology is used. There is no such thing as a GDPR-compliant blockchain technology, there are only GDPR-compliant use cases and applications.
  • Gdpr’s requirements are easier and simpler to interpret and implement in private, permissioned blockchain networks than in public, permissionless networks.

Tensions between GDPR and blockchain revolve around the following

  • The identifcation and obligations of data controllers and processors.
  • The anonymisation of personal data.
  • The exercise of some data subject rights.

Source : Thematic GDPR Report by EU Blockchain Observatory and Forum[pdf]