Building a Blockchain Application that Complies with the EU General Data Protection Regulation
How it was studied: The researchers attempted to find out whether the requirements of the GDPR conflict with the features and benefits of blockchain technology. They gathered evidence from workshops, meetings, documents, and interviews. The outcome is that third-party services that provide permissioned pseudonyms are indeed able to avoid storing personal information on the chain while still providing the shared ledgers that blockchains need.
- Blockchain technology offers a promising alternative to centralized systems
- Legal barriers can arise, such as those from the General Data Protection Regulation (GDPR) in the European Union
- Those barriers can appear to conflict with the basic properties of blockchain technology
- However, the challenges can be resolved by creating GDPR-compliant solutions
Three recommendations are offered for managing and designing GDPR-compliant blockchain solutions:
- Avoid storing personal data on a blockchain
- A blockchain solution that needs to process personal data should use a private and permissioned pseudonymization approach
- A blockchain solution that needs to coordinate across organizations should use a private and permissioned pseudonymization approach
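As an added illustration of the recommendations above (this is not code from the paper or from the Federal Office's system): a constructed Python sketch in which the shared ledger stores only random pseudonyms, a permissioned off-chain service holds the only link to personal data, and honouring an erasure request deletes that link while the hash chain stays intact. The class names, organization names and sample record are all assumptions.

```python
import hashlib
import json
import secrets


class PseudonymService:
    """Off-chain, permissioned service: the only place that links a pseudonym to a person."""

    def __init__(self, permitted_orgs):
        self.permitted = set(permitted_orgs)
        self.mapping = {}  # pseudonym -> personal data; erasable without touching the ledger

    def register(self, personal_data):
        pseudonym = secrets.token_hex(16)  # random, not derived from the data (no hash-of-PII on chain)
        self.mapping[pseudonym] = dict(personal_data)
        return pseudonym

    def resolve(self, pseudonym, org):
        if org not in self.permitted:
            raise PermissionError(f"{org} is not permitted to resolve pseudonyms")
        return self.mapping.get(pseudonym)  # None once erased: ledger entries become unlinkable

    def erase(self, pseudonym):
        """Right to erasure (Art. 17): delete the link, not the immutable ledger entries."""
        return self.mapping.pop(pseudonym, None) is not None


class Ledger:
    """Minimal hash-chained, append-only ledger; payloads carry pseudonyms and workflow steps only."""

    def __init__(self):
        self.blocks = []

    def _digest(self, prev, payload):
        return hashlib.sha256((prev + json.dumps(payload, sort_keys=True)).encode()).hexdigest()

    def append(self, payload):
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        self.blocks.append({"prev": prev, "payload": payload, "hash": self._digest(prev, payload)})

    def verify(self):
        prev = "0" * 64
        for b in self.blocks:
            if b["prev"] != prev or self._digest(prev, b["payload"]) != b["hash"]:
                return False
            prev = b["hash"]
        return True

    def mentions(self, value):
        return any(value in json.dumps(b["payload"]) for b in self.blocks)


def demo():
    service = PseudonymService(permitted_orgs={"agency_a", "agency_b"})  # assumed organizations
    ledger = Ledger()
    person = {"name": "Example Applicant", "dob": "1990-01-01"}  # constructed sample record
    pid = service.register(person)
    ledger.append({"subject": pid, "step": "application received", "by": "agency_a"})
    ledger.append({"subject": pid, "step": "documents verified", "by": "agency_b"})
    resolved_before = service.resolve(pid, "agency_b") == person
    service.erase(pid)  # data subject exercises the right to erasure
    return {"chain_ok": ledger.verify(), "leak": ledger.mentions(person["name"]),
            "resolved_before": resolved_before, "resolved_after": service.resolve(pid, "agency_a")}
```

After erasure the ledger still verifies and can still be audited by the participating organizations, but nothing on it can be tied back to the person any more.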
Complying with the EU General Data Protection Regulation (GDPR) poses significant challenges for blockchain projects, including establishing clear responsibilities for compliance, securing lawful bases for processing personal data, and observing rights to rectification and erasure. We describe how Germany’s Federal Office for Migration and Refugees addressed these challenges and created a GDPR-compliant blockchain solution for cross-organizational workflow coordination. Based on the lessons learned, we provide three recommendations for ensuring blockchain solutions are GDPR-compliant.