Spain: Privacy and Data Protection-related Laws

For EU’s GDPR regulation, please visit Europe: Privacy and Data Protection-related Laws

Spain abides by the EU General Data Protection Regulation (“GDPR”), which regulates data protection and privacy for individuals as well as the export of said data outside of the EU. GDPR came into effect in May 2018. Among other requirements, GDPR mandates that businesses operate by the principles of data “protection by design” and “data protection by default,” building data privacy into the design of the business itself through measures such as the anonymization or pseudonymization of user data. Designers of public blockchains should take care to comply with GDPR, which can hold against violators fines of up to 20 million euros or 4% of annual global turnover, whichever is higher.

For some entrepreneurs, a potential issue with GDPR may involve individuals’ “right to be forgotten,” which requires data custodians to be able to delete a particular user’s personal information from their database at a later date. This may not be possible on an immutable blockchain system.

Other GDPR requirements seem more suited for blockchain-based systems, such as data anonymization and pseudonymization—especially through tokenization.


  • EU General Data Protection Scheme (“GDPR”), Art. 17
Previous Section Next Section

Have a comment, edit, or item to add? Share your thoughts by commenting below!

comments powered by Disqus