France abides by the EU General Data Protection Regulation (“GDPR”), effective May 25, 2018. GDPR regulates data protection and privacy for individuals as well as the export of said data outside of the EU. Among other requirements, GDPR mandates that businesses operate by the principles of “data protection by design” and “data protection by default,” building data privacy into the design of the business itself through measures such as the anonymization or pseudonymization of user data. Companies should take care to comply with GDPR, which can hold against violators fines of up to 20 million euros or 4% of annual global turnover, whichever is higher.
For some, a potential issue may revolve around individuals’ “right to be forgotten,” which requires data custodians to be able to delete a particular user’s personal information from their database at a later date. This may not be possible on an immutable blockchain system.
Other GDPR requirements seem more suited for blockchain-based systems, such as data anonymization and pseudonymization—especially through tokenization.
|Previous Section||Next Section|