Concepts for GDPR-Compliant Processing of Personal Data on Blockchain

Abstract

Blockchain is an emerging technology that is currently highly discussed in academia and practice. It offers a new approach of sharing data with participants in a network without the need to fully trust them. Among other reasons, this can be achieved be-cause data once stored on a Blockchain is immutable. The recently introduced General Data Protection Regulation (GDPR) standardizes the European privacy regulations and brings major changes regarding how to handle personal data. Literature agrees that processing personal data on Blockchain is not compliant with the requirements of the GDPR. The present paper conducts a structured literature review and identifies four possible concepts for potentially GDPR-compliant data processing using Blockchain: Encryption & Key Destruction, Legal Argumentation, Off-Chain Storage, Redactable Blockchain. Each concept is described and analyzed in view of GDPR’s requirements. It becomes clear that the concepts Legal Argumentation and Encryption & Key Destruction might at the moment not be totally compliant with the GDPR.