EDPB Publishes Draft Guidelines on Blockchains

The European Data Protection Board (EDPB) has published its draft Guidelines 02/2025 on the processing of personal data through blockchain technologies. The guidelines aim to clarify how GDPR applies to blockchain-based data processing. The document is currently open for public consultation and may be subject to change before final adoption.

Key excerpts from the draft guidelines:

  • Blockchain’s complexity creates GDPR challenges: The distributed and mathematically complex nature of blockchain introduces uncertainties and compliance risks, particularly affecting data subjects’ rights.
  • Data Protection by Design is essential: Blockchain’s features (like immutability) make it hard to meet GDPR obligations such as the right to erasure and storage limitation, requiring reinforced data protection by design measures from the outset.
  • Roles and architectures must be assessed early: The guidelines stress evaluating blockchain architectures and defining the roles and responsibilities of involved actors during the design phase to ensure GDPR compliance.
  • Avoid storing personal data on-chain: As a general rule, personal data should not be stored on the blockchain if it conflicts with data protection principles. If on-chain storage is necessary, advanced privacy-preserving techniques and safeguards must be applied.
  • DPIAs are critical for blockchain projects: A structured Data Protection Impact Assessment (DPIA) is required before using blockchain for personal data processing, with specific attention to blockchain-related risks and GDPR principles like transparency, rectification, and erasure.

Click here to read the draft guidelines.

See All News Here

Related News

Swedish Supreme Court Adds Nuance to Previous Ruling on Bulk Requests for Court Judgments and Decisions

NIS2 and the Swedish Regulation Jungle

EU Commission Proposes Tech Sovereignty Package with New Rules for Chips, Cloud Services and AI infrastructure