GDPR, Blockchain, and the Principles of Privacy by Design

Monday December 3rd, 2018 by Silvan Jongerius

Since the introduction of the GDPR we have dealt with many aspects of the regulation. What has emerged as one of the most interesting areas for me to work on is Privacy by Design (or “Data Protection by Design and by Default,” in the language of the GDPR). The simple requirement to implement privacy from the very beginning of the development of a product finds us in interesting situations where we are asked to consult companies in their product design process. Our team has experience in product development, both from the business and technical side, and is therefore perfectly placed to assist as privacy experts in such a process, especially if it is about blockchain or other revolutionary technologies.

The shift from quick fixes to caring about privacy

It is a pleasure to work with the continuously growing pool of companies who see privacy and data protection as a real priority. Some companies are even seeking to leverage it as a competitive advantage as customers begin to see the value in data privacy and seek products and services while taking data protection into consideration.

These thoughts became the base for my latest presentation “Privacy by Design for Blockchain”, which I gave at both the DWF Blockchain Meetup in Berlin, “GDPR & Blockchain,” and at the Data Natives Conference 2018, also in Berlin.

Privacy by Design metaphor

In my research for these presentations, I discovered  that much of the work done on Privacy by Design dates back to the mid-1990’s, when Dr. Ann Cavoukian, then Privacy Commissioner of Ontario, Canada developed the Seven Foundational Principles of Privacy by Design. Dr. Cavoukian has been leading great work in this area ever since, currently leading the Privacy by Design Centre of Excellence at Ryerson University.

Blockchain, GDPR and Privacy by Design primer

As I have been investigating how blockchain, GDPR, and the Seven Foundational Principles of Privacy by Design correlate—and could be interpreted as in compliance with Article 25 of the GDPR—I have written a primer on the matter. I plan to develop this document into a more in-depth work in the future, but I thought it would be worth sharing my initial thoughts here. I welcome all comments and suggestions through email, Twitter, or LinkedIn.

Download the 5-page primer to Privacy by Design and GDPR in Blockchain – Silvan Jongerius (PDF).


Silvan Jongerius is the CEO of TechGDPR.

Greg McMullen of COALA IP, as well as Abigail Garner of TechGDPR have kindly reviewed this work.

Silvan Jongerius

How to use legitimate interest under the GDPR?
January 29th, 2021

The impact of the GDPR on Big Data
December 1st, 2020

International Transfers of Personal Data after the Schrems II ruling
August 6th, 2020

A Comparison of POPIA and GDPR in Key Areas
July 28th, 2020

HIPAA, the GDPR and MedTech
July 23rd, 2020

Small meetings under the COVID-19 ordinance in Berlin
March 18th, 2020

Response to the GDPR-relevant points in the German Blockchain Strategy of September 2019
September 29th, 2019

GDPR compliant products debunked: it’s all about HOW you use it
September 26th, 2019

GDPR’s Right to be Forgotten in Blockchain: it's not black and white.
August 13th, 2019

What is the difference between personally identifiable information (PII) and personal data?
June 27th, 2019

Artificial Intelligence (3)
Berlin (1)
Beyond EU (6)
Big Data (2)
Blockchain (10)
Comparison (1)
Court Cases (1)
Data Subjects (6)
DLT (1)
DPO (2)
European Commission (2)
GDPR Canvas (1)
GDPR Status (2)
Germany (2)
International Transfers (1)
IoT (4)
Privacy by Design (7)
Regulation (3)
Speaking (1)
Startups (1)
Strategy (2)
Terminology (2)
Uncategorized (2)
WiFi (1)
Workshop (2)
Article 17
Artificial Intelligence
Big Data
call center
CJEU ruling
Cold calling
Data transfers
European Commission
GDPR Analysis
GDPR Compliance
GDPR so far
gdpr workshop
gdpr year one
German Blockchain Strategy
International transfers
medical data
one year gdpr
open workshop
personal data
personally identifiable information
Privacy by Design
privacy policy
Retail Analytics
right to be forgotten
right to erasure
Schrems II
south africa
January 2021 (1)
December 2020 (1)
August 2020 (1)
July 2020 (2)
March 2020 (1)
September 2019 (2)
August 2019 (1)
June 2019 (3)
May 2019 (2)
April 2019 (1)
February 2019 (2)
January 2019 (1)
December 2018 (2)
October 2018 (1)
September 2018 (1)
August 2018 (3)
July 2018 (4)
June 2018 (1)
March 2018 (1)

Contact us to find out how we can help you with your GDPR compliance.