Blockchain technology has advanced
tremendously over the past decade, and now
provides a viable alternative to traditional
database solutions. In particular, it promises
dramatic advances in recording, processing and
sharing information, offering decentralisation,
accessibility and reliability.
However, the EU's recently enacted General Data
Protection Regulation (GDPR) poses significant
compliance hurdles to the ongoing development
of blockchain-based solutions involving storing
and transacting with data about individuals.
This paper identifies some of these hurdles, such as
the GDPR rights to have one's personal data deleted
or corrected, which sit at odds with the very concept
of an immutable blockchain. This paper will also offer
suggestions on how best to implement GDPR-compliant
blockchain solutions. Rather than offering a theoretical
discussion on creating a GDPR-compliant blockchain
solution, this publication examines a real-world use case
developed by Marine Transport International (a UK-based
digital logistics enabler) to provide practical solutions to
the issues the GDPR poses to blockchain implementers.
What we have identified in writing this publication is
that not all of the blockchain challenges posed by the
GDPR and other privacy regimes can currently be bridged.
However, we do feel that the gap left by those challenges
is relatively small, and the fundamental freedoms forming
the policy behind such privacy laws can be maintained and
protected in particular blockchain environments. Doing so
will require both lawmakers and regulators to take an
active and pragmatic approach to blockchain technology.
We believe that a blockchain solution that respects the
fundamental principles of data protection and privacy is
achievable if the following four guiding principles