![](\"https:\/\/icommunity.io\/wp-content\/uploads\/2020\/04\/Blockchain-GDRP.jpg\")
<\/p>\n<\/p>\n
The GDPR was created to “regulate” the management of privacy linked to the use of user data on the web, apps and social media by web and media companies who are trying to build their competitive advantage on user profiling. The GDPR can be “interpreted” as a “digital rights charter” of people.<\/span><\/p>\n The possible relationships between GDPR and blockchain<\/b><\/span><\/p>\n The GDPR regulation impacts on a number of areas that relate to the specific characteristics of the Blockchain:<\/span><\/p>\n Data access and visibility – The data entered in the blockchain are public and accessible by anyone participating in the chain<\/span><\/p>\n Data deletion – the data stored in a blockchain are tamper-proof, therefore their deletion will not be possible once such data is entered in the distributed chain;<\/span><\/p>\n Data immutability over time – the data present in the blockchain are kept unlimited and cannot be modified, tampered with or deleted.<\/span><\/p>\n Distributed data control – blockchain are distributed therefore control over data cannot be centralized and it is the responsibility of all participants in the blockchain (it is difficult to identify the Data Protection Officer figures required by the GDPR);<\/span><\/p>\n Automated decision-making processes – with Smart Contracts, automated decision-making processes or a new type of data management must also be considered<\/span><\/p>\n Blockchain and GDPR for a Security by Design<\/b><\/span><\/p>\n Blockchain and GDPR allow creating “security by design” solutions ensuring pseudonymisation (decoupling of data from individual identity) and data minimization (sharing only the data points absolutely necessary).<\/span><\/p>\n With this setting it is impossible to reconstruct the contents of a transaction from the one- way cryptographic hash. And unless one of the parties to the transaction decides to link a public key to a known identity, it is not possible to map and link transactions to individuals or organizations. This means that even if the blockchain is “public” (where anyone can see all the transactions on it), no personal information is made public.<\/span><\/p>\n Blockchain, GDPR and legislative issues<\/b><\/span><\/p>\n The GDPR introduces some rules that may not always be respected by blockchain.<\/span><\/p>\n GDPR and Data Protection Officer – \u00a0 <\/span>The GDPR introduces the figure of the DPO – Data Protection Officer, an expert in data protection legislation and practices who must assist the person who controls or manages them in order to verify internal compliance with the regulation . The DPO must be a person with a good command of IT processes, data security and other business coherence issues regarding the maintenance and processing of personal and sensitive data.<\/span><\/p>\n “When is it necessary to appoint a personal data controller? In the GDPR, the controller must be appointed in the event that the main processing activities require regular and systematic monitoring of data subjects on a large scale, if the activities include the large-scale processing of particular categories of personal data or of data relating to criminal convictions and offenses, again when the treatment is carried out by a public authority or by a public body. “<\/span><\/p>\n