GDPR compliance for Fintech, Blockchain & Crypto companies
Innovative technology needs an innovative approach to GDPR compliance. From AML/KYC data to decentralized processing and governance.
We have in-depth experience with Blockchain and Distributed Ledger Technology (DLT), and are therefore perfectly positioned to help Blockchain companies with their GDPR compliance. We work, and have worked, with layer 1 and layer 2 blockchain protocols, cryptocurrencies, cryptocurrency exchanges and blockchain applications. Through research experience, for example as the initiator and co-chair (2019-2021) of the INATBA privacy working group, through joint research with leading law firms, and through advisory work for EU and national institutions, we have built up in-depth experience with decentralized technology, crypto, blockchain and fintech.
Are Blockchain and GDPR incompatible?
On the surface it may seem that GDPR and Blockchain or Distributed Ledger Technology (DLT) clash and are fundamentally incompatible, but when you look at the details of both, you will also discover opportunities.
The challenges revolve around questions such as:
- What is actually considered personal data on a blockchain? Wallet address? Transaction? Hashed personal data?
- Who, in a distributed environment, is actually the data controller, data processor or perhaps even joint controller?
- How to deal with the right to be forgotten (GDPR Art. 17) on an immutable ledger?
- Who is to be held responsible in case of, for example, a breach?
- Can encrypted personal data be stored on a blockchain?
- How to deal with KYC/AML data required for many processes these days?
While most of these questions cannot be answered generally, looking at the principles of the GDPR provides some guidance. There are many reasons to involve data protection by design in blockchain projects, as the rights and freedoms of individuals may be severely affected when their data makes it onto the blockchain.
Generally, blockchain and distributed ledger technology are misaligned with the GDPR because of the decentralized data handling. While there are ways to construct a set-up that can theoretically work, this is often impracticable.
TechGDPR has deep experience with GDPR, blockchain, crypto and DLT projects.
We have worked with over a dozen companies in the blockchain/crypto industry alone and keep adding to the list on a regular basis. The particular challenges are very clear, and we follow the latest developments and actively contribute to them. This allows us to be as efficient as possible in this already complex space.
Some public examples of our work with Blockchain:
- Contribution to the DIN 4997 SPEC on Privacy by Blockchain Design (2019-2020)
- Contribution to one of the first position papers on Blockchain and the GDPR, of Bundesverband Blockchain
- Co-editing the INATBA privacy working group report on the Impact of Data Protection Regulation to the Blockchain Ecosystem
- Co-edited the INATBA privacy working group report on Data Protection Regulations world-wide and the impact on Blockchain
- Report on the use of Zcash within a subscription payment system (read more on Forbes)