Deborah Harmes, Ph.D.

Recent revelations about data harvesting that companies such as Facebook have engaged in – data that is then sold on to other parties for billions of dollars each year – has prompted the European Union (EU) to make efforts in creating a more secure digital environment for consumers. General Data Protection Regulations (GDPR) was introduced in 2016 and will go into effect in May of 2018. It includes:

  • increased transparency about the data that is being collected
  • information about the potential uses for that data
  • the rights and viewing options of the people whose data has been collected
  • ways for the consumer to correct errors in the data
  • ways for the consumer to request removal of all previously gathered material
  • how to set permissions for what can and cannot be recorded in the future1

News of the soon-to-arrive GDPR has not been met with 100% approval. Certain financial groups and legal advisors have noted that a comprehensive embrace of this strategy might prove to be detrimental to companies using blockchain. These critics argue that since blockchain information is already safe, secure, and cannot be altered, corrected, or erased – there is no need to place the overlay of GDPR onto organisations that are successfully protecting the data of their customers.2

Unless a truce can be declared between GDPR regulators, who are determined to erase the existing data for millions of people, and blockchain organisations who cannot alter or erase blockchain records, an uneasy period of adjustment may lie ahead. Removing encrypted data may not be possible or economically feasible and would potentially create a need to completely reconfigure the nature of records storage for blockchain-based companies. At present, the implications are unknown since GDPR has not been made active yet. Financial commentators, advisors, and bankers are urging that all potentially-affected companies take a wait-and-see approach to the impending changes.3

Hybrid data management has also been proposed, but the partly-on, partly-off-chain solutions haven’t gained strong support to date.4


  1. GDPR (n.d.) Retrieved from
  2. Emmanuel, Ogwu Osaemezu (2018, April 10). Blockchain-based Systems Should Be Exempted From The EU’s General Data Protection Regulations (GDPR). Retrieved from
  3. Kharif, Olga (2018, March 22). Is Your Blockchain Business Doomed? Retrieved from
  4. Steinbeck, Dean (2018, March 30) How New EU Privacy Laws Will Impact Blockchain. Retrieved from