The forum in their paper report that
- GDPR compliance is not about the technology,, it is about how the technology is used. There is no such thing as a GDPR-compliant blockchain technology, there are only GDPR-compliant use cases and applications.
- Gdpr’s requirements are easier and simpler to interpret and implement in private, permissioned blockchain networks than in public, permissionless networks.
Tensions between GDPR and blockchain revolve around the following
- The identifcation and obligations of data controllers and processors.
- The anonymisation of personal data.
- The exercise of some data subject rights.