Katie Simmonds and Andy Parsons from Womble Bond Dickinson (UK) LLP see that blockchain and GDPR may not be compatible.
The question of whether the use of distributed ledgers are capable of being compatible with the GDPR is far from clear-cut, which will need to be determined on an individual basis, depending on the technical design and governance of the network. Public and permissionless blockchains provide:
These features make unrestricted blockchain networks incompatible with the GDPR, which works firstly on the fundamental assumption that there will always be at least one legal person, a controller, who is clearly responsible and accountable for ensuring personal data is used in a way that is fair and secondly provides data subjects with a far-reaching range of rights, including the rights of rectification and deletion of their personal data, which may not always be possible where distributed and centralised ledger technologies are used. We therefore expect to see the rise of new regulation to address these tensions and ensure that businesses are able to embrace these new technologies, while having a clear framework to operate within.