The European Union Blockchain Observatory and Forum, a consultancy body under the umbrella of the European Commission, has published guidance on how distributed ledger technology (DLT) companies can avoid breaching the General Data Protection Regulation (GDPR).
According to the document, which was prepared by ConsenSys, blockchain companies should first analyze how their DLT products create user value, whether personal data is part of that process and if not, whether a real need exists to store that type of information by using blockchain.
Secondly, companies should implement various tools to anonymize the information to a maximum degree in cases where personal data plays a part in the value creation process. When using techniques such as reversible encryption, hashing (non-reversible encryption), and data obfuscation, enterprises should analyze the so-called reversal and linkability risk.
The organization again called on EU authorities to address the issues that create tension between GDPR and blockchain businesses, mainly the erasing clause, the identification and obligations of data controllers and processors, and the anonymization process by using blockchain.