GDPR, Blockchain, and the Principles of Privacy by Design

Monday December 3rd, 2018 by Silvan Jongerius

Since the introduction of the GDPR we have dealt with many aspects of the regulation. What has emerged as one of the most interesting areas for me to work on is Privacy by Design (or “Data Protection by Design and by Default,” in the language of the GDPR). The simple requirement to implement privacy from the very beginning of the development of a product finds us in interesting situations where we are asked to consult companies in their product design process. Our team has experience in product development, both from the business and technical side, and is therefore perfectly placed to assist as privacy experts in such a process, especially if it is about blockchain or other revolutionary technologies.

The shift from quick fixes to caring about privacy

It is a pleasure to work with the continuously growing pool of companies who see privacy and data protection as a real priority. Some companies are even seeking to leverage it as a competitive advantage as customers begin to see the value in data privacy and seek products and services while taking data protection into consideration.

These thoughts became the base for my latest presentation “Privacy by Design for Blockchain”, which I gave at both the DWF Blockchain Meetup in Berlin, “GDPR & Blockchain,” and at the Data Natives Conference 2018, also in Berlin.

Privacy by Design metaphor

In my research for these presentations, I discovered  that much of the work done on Privacy by Design dates back to the mid-1990’s, when Dr. Ann Cavoukian, then Privacy Commissioner of Ontario, Canada developed the Seven Foundational Principles of Privacy by Design. Dr. Cavoukian has been leading great work in this area ever since, currently leading the Privacy by Design Centre of Excellence at Ryerson University.

Blockchain, GDPR and Privacy by Design primer

As I have been investigating how blockchain, GDPR, and the Seven Foundational Principles of Privacy by Design correlate—and could be interpreted as in compliance with Article 25 of the GDPR—I have written a primer on the matter. I plan to develop this document into a more in-depth work in the future, but I thought it would be worth sharing my initial thoughts here. I welcome all comments and suggestions through email, Twitter, or LinkedIn.

Download the 5-page primer to Privacy by Design and GDPR in Blockchain – Silvan Jongerius (PDF).


Silvan Jongerius is the CEO of TechGDPR.

Greg McMullen of COALA IP, as well as Abigail Garner of TechGDPR have kindly reviewed this work.

Silvan Jongerius

GDPR’s Right to be Forgotten in Blockchain: it's not black and white.
August 13th, 2019

What is the difference between personally identifiable information (PII) and personal data?
June 27th, 2019

Personal data and cold calling under the GDPR
June 25th, 2019

Blockchain & DLT under the GDPR explained to the European Commission
June 4th, 2019

One year of GDPR: GDPR enforcement and awareness
May 25th, 2019

Our first open GDPR Canvas workshop
May 21st, 2019

WiFi-Tracking and Retail Analytics under the GDPR
April 8th, 2019

How to develop Artificial Intelligence that is GDPR-friendly
February 28th, 2019

Is total privacy GDPR compliant? Zcash report shows how “Privacy by Design” handling of personal data gets us close.
February 5th, 2019

The GDPR + Blockchain: Reflecting back and looking ahead
January 8th, 2019

Artificial Intelligence (3)
Beyond EU (5)
Big Data (2)
Blockchain (10)
Court Cases (1)
Data Subjects (6)
DLT (1)
DPO (2)
European Commission (1)
GDPR Canvas (1)
GDPR Status (1)
IoT (4)
Privacy by Design (7)
Speaking (1)
Startups (1)
Terminology (1)
WiFi (1)
Workshop (2)
Article 17
Artificial Intelligence
Big Data
call center
Cold calling
European Commission
GDPR Analysis
GDPR so far
gdpr workshop
gdpr year one
one year gdpr
open workshop
personal data
personally identifiable information
Privacy by Design
Retail Analytics
right to be forgotten
right to erasure
August 2019 (1)
June 2019 (3)
May 2019 (2)
April 2019 (1)
February 2019 (2)
January 2019 (1)
December 2018 (2)
October 2018 (1)
September 2018 (1)
August 2018 (3)
July 2018 (5)
June 2018 (1)
March 2018 (1)

Contact us to find out how we can help you with your GDPR compliance.