Through this publication we have identified
that, while it may not yet be possible to
definitively solve all of the challenges posed
by the GDPR and other privacy regimes to
the implementation of blockchain solutions,
progress can be made if the interested parties
work together openly and pragmatically.
Blockchain and the GDPR can co-exist
We do not feel that, by definition, blockchain technology
and data protection and privacy are inherently
contradictory. Quite the opposite. Indeed, we believe
that a blockchain solution that respects the fundamental
principles of data protection and privacy is achievable,
and the four key elements necessary to achieve that aim,
as identified in this publication are:
1 Use of a private, permissioned blockchain.
2 Avoiding, if possible, the storing of personal data
on the blockchain, eliminating / minimising freeform
3 Implementing a detailed governance framework.
4 Employing innovative solutions to traditional data
protection problems even if untested.
A Call for Guidance
We will conclude by repeating our call on regulatory
authorities to take the steps necessary to address the
outstanding privacy challenges posed by blockchain
technology, most importantly, in relation to
1 the use of encryption as a means of anonymisation
and deletion of personal data; and
2 the use of supplementary statements as a means
of complying with obligations to correct inaccurate
personal data. Regulatory intervention is necessary
here because innovative solutions to traditional
data protection challenges will only succeed
with the understanding and support of regulators
There is a risk that, if steps are not taken by regulators and
lawmakers to bridge the gap between data protection law
and blockchain technology, we will witness a slowing in
(or even end to) advancements in blockchain solutions.
Such an outcome would ultimately be detrimental to
technological developments that may have the capacity to
deliver substantial benefits to the world as a whole.
GDPR and the Blockchain I 45