EDPB Finalizes GDPR Guidelines for Blockchain on July 8, Confirms Immutability Does Not Exempt Data Protection

According to the European Data Protection Board (EDPB), the regulator finalized new guidelines on July 8, 2026, clarifying how the General Data Protection Regulation (GDPR) applies to blockchain technologies. The EDPB confirmed that blockchain operators cannot avoid GDPR obligations simply because records are immutable or because personal data has been encrypted or hashed on-chain. Organizations remain responsible for protecting data subject rights regardless of technical architecture. The guidelines note that private and consortium blockchains are generally better suited for GDPR compliance, while assigning controller and processor responsibilities on public permissionless networks remains extremely difficult due to their decentralized nature. The regulator recommends that organizations keep personal data off-chain whenever possible, using blockchain primarily to store cryptographic references while maintaining deletable personal information in conventional databases.
Disclaimer: The information on this page may come from third-party sources and is for reference only. It does not represent the views or opinions of Gate and does not constitute any financial, investment, or legal advice. Virtual asset trading involves high risk. Please do not rely solely on the information on this page when making decisions. For details, see the Disclaimer.
Comment
0/400
No comments