6.7
Regulatory engagement with
open issues
In addition to our calls for specific guidance from
European data protection authorities in certain areas,
there may also prove to be value in actively engaging
with regulators to elicit suggestions to further aid
compliance. Since the GDPR is a new regulation, there is
much uncertainty about how regulators will enforce its
provisions. As of May 2018 (the month the GDPR came
into effect), seventeen of twenty-four EU member state
authorities said they were unable to fulfil the obligations
the GDPR placed on them.41
As recently as November 2018, the European Parliament
Committee on Civil Liberties, Justice and Home Affairs
called for additional research into blockchain technology
to determine how the technology may clash with
the GDPR.42 In light of this uncertainty, there are likely
to be benefits from developing strong relationships with
regulators to ensure up-to-date information around
regulatory views on specific areas of GDPR compliance.
One way to develop relationships could be to enter into
programs such as the UK Information Commissioner's
Office (ICO) regulatory sandbox, which will aim to provide
a safe space where organisations can develop innovative
products and services using personal data while engaging
with the ICO on ways to comply with the GDPR. Entities
inside the sandbox will not be exempt from the GDPR's
obligations, but will benefit from close interaction with the
ICO about what is required for GDPR compliance. Through
participation in programs such as the ICO's regulatory
sandbox, implementers and regulators can become aware
of and champion new blockchain technology that provides
creative approaches to the regulatory challenges posed by
the immutable nature of blockchain.
GDPR and the Blockchain I 43