Page 0017

4.1

What is the GDPR?

The GDPR is a European Union regulation on

data protection and privacy for individuals

within the European Economic Area (the EEA).

The GDPR was implemented in May 2018 and

marked a significant evolution in data protection

law in Europe. This paper will not summarise

every aspect of the GDPR, but will instead

highlight those aspects of the Regulation we

consider to be most relevant to the question

of GDPR compliance for blockchain solutions.

While the GDPR governs how personal data relating to

individuals inside the EEA may be processed, it also has

a wide-ranging extra-territorial application. The GDPR

applies first and foremost to entities that are processing

personal data in the context of a European establishment,

regardless of whether or not the processing takes place

in the EEA. However, the GDPR also applies to entities

established outside the EEA that are offering goods or

services to (or monitoring the behaviour of) individuals

in the EEA.

As the GDPR became effective within the past twelve

months, there remains much ambiguity and uncertainty

as to how it will be enforced, especially in relation to

innovative technologies such as blockchain. After all,

the GDPR was not designed with distributed ledger

technology in mind. It is however possible to gauge, to

some extent at least, the likely approach of European

regulators to blockchain technologies. This can be

achieved by assessing regulators' public statements and

policies related to blockchain, which are considered later

in this paper.

Given that the GDPR is generally perceived as a

high-watermark of international data protection laws

(and becoming a template for increasing numbers of

countries' own data protection laws), engineering a

blockchain solution that is GDPR compliant will help

efforts aimed at achieving worldwide data protection and

privacy compliance.

4.2

What is personal data?

In relation to the GDPR, personal data is any information

relating to an identified or identifiable natural person.

It includes data such as names, addresses, identification

numbers, location data, and IP addresses.

The GDPR also sets out special categories of personal data,

the processing of which is subject to stricter regulation.

These more sensitive categories of personal data include

personal data revealing racial or ethnic origins, political

opinions, religious beliefs and health data.

GDPR and the Blockchain I 15

Index

  1. Page 0001
  2. Page 0002
  3. Page 0003
  4. Page 0004
  5. Page 0005
  6. Page 0006
  7. Page 0007
  8. Page 0008
  9. Page 0009
  10. Page 0010
  11. Page 0011
  12. Page 0012
  13. Page 0013
  14. Page 0014
  15. Page 0015
  16. Page 0016
  17. Page 0017
  18. Page 0018
  19. Page 0019
  20. Page 0020
  21. Page 0021
  22. Page 0022
  23. Page 0023
  24. Page 0024
  25. Page 0025
  26. Page 0026
  27. Page 0027
  28. Page 0028
  29. Page 0029
  30. Page 0030
  31. Page 0031
  32. Page 0032
  33. Page 0033
  34. Page 0034
  35. Page 0035
  36. Page 0036
  37. Page 0037
  38. Page 0038
  39. Page 0039
  40. Page 0040
  41. Page 0041
  42. Page 0042
  43. Page 0043
  44. Page 0044
  45. Page 0045
  46. Page 0046
  47. Page 0047
  48. Page 0048
  49. Page 0049
  50. Page 0050
  51. Page 0051
  52. Page 0052