By Alexander Rieger, Jannik Lockl, Florian Guggenmos, Gilbert Fridgen, and Nils Urbach
Summary:
The researchers investigated whether the requirements of the GDPR conflict with the features and benefits of blockchain technology. They gathered evidence from workshops, meetings, documents, and interviews. Their conclusion is that third-party services that provide permissioned pseudonyms can avoid storing personal information while still providing the shared ledgers needed for blockchains.
General take-aways:
- Blockchain technology offers a promising alternative to centralized systems
- Legal barriers can arise, such as those from the General Data Protection Regulation (GDPR) in the European Union
- Those barriers can appear to conflict with the basic properties of blockchain technology
- However, the challenges can be resolved by creating GDPR-compliant solutions
Three recommendations are offered for managing and designing GDPR-compliant blockchain solutions:
- Avoid storing personal data on a blockchain
- A blockchain solution that needs to process personal data should use a private and permissioned pseudonymization approach
- A blockchain solution that needs to coordinate across organizations should use a private and permissioned pseudonymization approach