...by Daniel Szego
"Simplicity is the ultimate sophistication."
Leonardo da Vinci

Sunday, May 6, 2018

Blockchain and GDPR

Making a blockchain solution GDPR-compatible is not an easy task. You can consider the following:
- Do not store personal data on the blockchain. In that case you do not have many problems with the GDPR. For example, if you randomly generate keys that are used directly or indirectly as addresses, and you store the personal identity for each key in a centralized registry that can be deleted or modified, you can be GDPR-conformant.
- You can try to store only derived information about the personal data, such as a hash, a hash of the hash, or the encrypted personal data. If the data has to be deleted, the actual data behind the hash is deleted, and you can also add a new blockchain entry to show that the given hash value was deleted deliberately.
- Physical deletion from the blockchain is not really supported. However, some blockchain platforms support something like archiving the blockchain at certain stages. Instead of archiving, you could simply delete the history. This certainly makes the security of the blockchain much weaker, but it might be acceptable in certain situations.
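
The first two points combined in a small sketch (an added example, not code from the original post): random pseudonyms as addresses, personal data only in a deletable off-chain registry, a hash on the chain, and an on-chain entry recording the deletion. The `Ledger` and `Registry` classes and their method names are hypothetical, and the per-record salt (a keyed hash instead of a bare hash, so that guessable personal data cannot be recovered from the on-chain value once the salt is deleted) is an assumption that goes beyond the text.

```python
import hashlib, hmac, json, secrets

class Ledger:
    """Append-only, hash-chained list standing in for the blockchain."""
    def __init__(self):
        self.blocks = []

    def append(self, payload):
        prev = self.blocks[-1]["hash"] if self.blocks else "0" * 64
        body = json.dumps({"prev": prev, "payload": payload}, sort_keys=True)
        block = {"prev": prev, "payload": payload,
                 "hash": hashlib.sha256(body.encode()).hexdigest()}
        self.blocks.append(block)
        return block

    def verify(self):
        # Recompute every link; any edit to an old block breaks the chain.
        prev = "0" * 64
        for b in self.blocks:
            body = json.dumps({"prev": prev, "payload": b["payload"]}, sort_keys=True)
            if b["prev"] != prev or b["hash"] != hashlib.sha256(body.encode()).hexdigest():
                return False
            prev = b["hash"]
        return True

class Registry:
    """Centralized, mutable off-chain store: the only place personal data lives."""
    def __init__(self, ledger):
        self.ledger, self.records = ledger, {}

    def register(self, personal_data):
        pseudonym = secrets.token_hex(16)  # random address, not derived from identity
        salt = secrets.token_bytes(32)     # assumption: per-record salt, off-chain only
        commitment = hmac.new(salt, personal_data.encode(), hashlib.sha256).hexdigest()
        self.records[pseudonym] = {"data": personal_data, "salt": salt}
        self.ledger.append({"type": "register", "id": pseudonym, "commitment": commitment})
        return pseudonym, commitment

    def matches(self, pseudonym, commitment):
        # Linking the on-chain value to a person needs the off-chain record.
        rec = self.records.get(pseudonym)
        if rec is None:
            return False
        expected = hmac.new(rec["salt"], rec["data"].encode(), hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, commitment)

    def erase(self, pseudonym, commitment):
        del self.records[pseudonym]        # data and salt are gone for good
        self.ledger.append({"type": "erased", "commitment": commitment})
```

After `erase`, the chain still verifies and still contains the old commitment, but nothing remains that ties it to a person.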