As blockchain technology becomes more widely used in support of new types of decentralised applications and platforms, lawmakers and regulators will increasingly find themselves faced with challenging questions. As we are developing 4thTech applications and protocols we had to develop them according to guidelines of the European Union legislation, especially Regulations eIDAS and GDPR.

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU). The GDPR mandates that EU visitors be given a number of data disclosures.

General Data Protection Regulation (“GDPR”) compliance is not about the technology, it is about how the technology is used.

There are many tensions between the GDPR and blockchain technology, but they are due to two overarching factors:

  • the first is that the GDPR requires an identifiable controller against whom data subjects can enforce their legal rights under EU data protection law,
  • the GDPR requires that data can be modified or erased where necessary to comply with legal requirements.

The 4thTech protocol does not store any personal data on the blockchain. The data is stored off-chain. The protocol records links to encrypted files and hashes of the encrypted content on the blockchain. The hashing of exchange data enables the GDPR compliance, for example, if there were a request to delete some data (i.e. documents), the network controller would be able to delete the requested data from off-chain storage, leaving what would then become an empty hash on-chain.