Spoiler alert: anyone thinking of using blockchain in their technology and systems needs to understand their compliance obligations, especially under the GDPR.
Confidentiality
According to the GDPR, you must have appropriate security in place to prevent the personal data you hold from being accidentally or deliberately compromised (Article 5(1)(f) of the GDPR). Any information relating to a person who can be directly or indirectly identified, in particular by reference to an identifier, is considered personal data (Article 4 of the GDPR). This means that a crypto wallet address can be regarded as an identifier that directly relates to an individual's information on the blockchain. Bitcoin is fully traceable and doesn't ensure confidentiality. If you know a wallet address, you can check its existing balance and its full transaction history, whoever it belongs to. Monero, on the other hand, is designed with privacy in mind. Even if someone knows your wallet address, they cannot check your balance or transaction history.
Right to access
Right to erasure
Right to rectification
Privacy by design
Conclusion
In conclusion, applications based on blockchain technology, such as Bitcoin, don't meet GDPR requirements by default and will have to put in extra effort to compensate for certain fundamental properties of blockchain technology, such as transparency, immutability and recording, in order to align their solutions with the GDPR. Some, however, like Monero, have been designed with privacy and security in mind and are more compliant with the GDPR than others by default. Note that in this article we have only looked at a few GDPR requirements and that full compliance with the GDPR would require many other technical and organisational measures to be considered.