Blockchain and the General Data Protection Regulation: implementation and regulatory challenges

Abstract

The rapid development of areas where blockchain technology is used has gotten a lot of attention in recent years. Users of the blockchain can make payments over a decentralized network, which eliminates the need for third parties and a central authority. One of the main characteristics of the blockchain is data immutability, which makes this possible. However, the EU General Data Protection Regulation may contradict with this principal benefit. Some of the rights defined in the GDPR may be challenged by the decentralized nature and immutability of the blockchain. Furthermore, because the data is processed by many users around the world, finding a data processor to correctly exercise the GDPR's data subject rights can be difficult. The link between GDPR and blockchain technology is investigated in this bachelor thesis. In particular, if the Regulation is applicable and compatible with the blockchain network. The existing challenges are highlighted and possible solutions to be compliant are proposed.