Market Report

Effects of GDPR on companies using Blockchain technology




Last modified


GDPR lock hanging above sharks Crypto Heroes

All over the world, data privacy is increasingly becoming a point of concern for businesses and their customers. More people are becoming aware of the threat of data harvesting and breaching of personal data for commercial use. In a move to reshape the way data is handled across different sectors, the EU parliament approved the GDPR (General Data Privacy Regulations) on March 25th, 2018. This came about after 4 years of preparations designed to bring harmony in the data privacy laws in Europe.  Even though the laws of the EU GDPR only apply to EU subjects, many organizations have taken the initiative to re-evaluate their data protection policies.

Since the implementation of the GDPR, its hard requirements are set to change the way Blockchain based businesses process and host user personal data. Given that Blockchain is a technology in its infancy, there is a lot of ambiguity on whether it can co-exist with regulations such as the GDPR.

Will GDPR stop Blockchain?

There are more than half a billion European data subjects set to be affected by the GDPR laws. This means companies in the EU zone, as well as all companies around the world that provide services to EU citizens, are going to be affected.

The changes, however, won’t have a huge effect on cryptocurrencies like Bitcoin since such technologies are designed to be used as fungible digital assets. However, for global conglomerates like Amazon and Facebook, GDPR laws will control how they process personally identifiable data while giving more freedom to the users on such platforms.

Likewise, there are various emerging companies using Blockchain to store user’s personal data that will be affected. GDPR requirements will not necessarily put an end to Blockchain technology but decentralized applications that record any user’s health, business and financial data will have to re-evaluate their use of the immutable technology.

Here is how Blockchain companies are set to be affected by GDPR:

More strict KYC and service restriction

Since all companies that serve EU citizens are now obligated to give users full access to their personal data, you can expect Blockchain companies to consolidate personal data in various ways as well. For a user to be able to modify, delete or view their own personal data at will, Blockchain based companies will have to restrict the user from using a single account. Businesses will have to implement tools and portals on their platforms for the purpose of displaying a user’s personal data all in one location. This is because the only way to make data easy to delete is to store it off-chain on the cloud with a hash on the Blockchain. Additionally, cryptocurrency exchanges will have to adopt strict know your customer (KYC) verification procedures to prevent any risk of non-compliance to GDPR.

Service restriction based on geographic location

Even though there are some Blockchain based services that will see it fit to bring about changes for all the users, some will find it affordable to only effect GDPR compliance in the EU. A good example is Coinbase which is a cryptocurrency exchange that currently has a separate privacy rights dashboard only accessible to EU residents with separate privacy policies for its UK and US customers. The downside to GDPR is that some companies will completely shut down their activities in the EU. Such examples have already been seen with companies such as CoinTouch (a P2P cryptocurrency exchange) that have announced the termination of their services for EU citizens.

Improved of 3rd party access to user personal data

Unbeknownst to most platform users, service providers often let third-party entities have access to user personal data in the name of better service delivery. As a result, these third-party companies can harvest data and process that data for a wide range of purposes without the knowledge of the platform’s user. With GDPR, Blockchain based companies will have to update their privacy policies such that the third parties with access to a user’s data are clearly detailed in the terms and conditions. This will allow users to learn more about how the service provider conducts business leading to better transparency.

GDPR and blockchain companies Crypto Heroes

The ICO market might suffer the most

After Bitcoin’s meteoric rise in price last year, the ICO market followed suit with investors from all over the globe rushing to invest in the most promising ICOs. With GDPR in place, data storage specific Blockchain applications are facing huge risk keeping in mind Blockchain immutability and GDPR’s right to erasure and privacy. In fact, the problem might prevent users in the EU from buying ICO tokens as the process requires registration with personally identifiable data on the Blockchain.


If the EU parliament was to amend the GDPR laws and include Blockchain transactional data as identifiable personal data, then cryptocurrencies, as we know them, would be illegal in the EU. For now, GDPR’s effect to cryptocurrencies is still unknown as the guidelines for compliance are open to interpretation. For Blockchain applications, however, there are unexpected impacts that go beyond the few we have mentioned above. Blockchain-based companies should, therefore, look for alternative technologies that allow for compliance to GDPR or seeks to re-evaluate their privacy policies entirely.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *