We live in an era of rapid technological development. Though this provides humanity with amazing opportunities to enhance our standard of living, it also forces lawmakers to work around the clock to analyse and capture the implications of the technology into legislation.
GDPR was drafted based on a world in which centralised and identifiable actors control personal data (generally!). Many blockchain solutions operate radically differently. Aligning blockchain technology and the GDPR is difficult, but it's not impossible.When developing your blockchain solution, it is important to take data protection principles and data subject rights into account at an early stage, provide appropriate privacy notices, enable users to agree to appropriate terms of use and establish relevant governance rules for the platform. Document the measures you have taken in terms of obfuscation, off-chain storage etc., and also detail the advantages your blockchain solution has as regards the right to the protection of user data. Make sure the solution only stores personal data on a blockchain if it is strictly necessary and try to keep as much as possible in a secure, access restricted off-chain environment.
My colleagues in our blockchain and data protection groups have teamed up to produce a some guidance on this topic, "The Tension between GDPR and the Rise of Blockchain Technologies". Check it out here.
The Tension between GDPR and the Rise of Blockchain Technologies
The content above was originally posted on CMS DigitalBytes - CMS lawyers sharing comment and commentary on all things tech.