Introduction
The European Data Protection Board (EDPB) has issued new guidelines to aid organizations in aligning blockchain technology use with the General Data Protection Regulation (GDPR). These guidelines are designed to ensure that personal data processing through blockchain technologies adheres to established data protection standards.
Description
The European Data Protection Board (EDPB) has adopted new guidelines regarding the processing of personal data through blockchain technologies [1] [2]. These guidelines aim to assist organizations in complying with the General Data Protection Regulation (GDPR) as the use of blockchain increases [1]. The EDPB outlines how blockchains function [1], evaluates various architectures [1], and their implications for personal data processing [1].
Key recommendations include implementing technical and organizational measures early in the design process and assessing the roles and responsibilities of different actors involved in blockchain-related processing [1]. Organizations are advised to conduct a Data Protection Impact Assessment (DPIA) prior to processing personal data through blockchain [1], particularly when there is a high risk to individuals’ rights and freedoms [1].
The guidelines emphasize the necessity of protecting individuals’ personal data to prevent unauthorized access by a large number of individuals [1]. Techniques for data minimization and proper handling and storage of personal data are provided [1], with a general recommendation against storing personal data on a blockchain if it contradicts data protection principles [1].
Additionally, the guidelines stress the importance of upholding individuals’ rights [1], particularly concerning transparency [1], rectification [1], and erasure of personal data [1]. A public consultation on these guidelines has been initiated [1] [2], with responses required by 9 June 2025 [2], allowing stakeholders to provide feedback [1].
Furthermore, the EDPB has decided to collaborate with the AI Office to draft new guidelines that explore the relationship between the EU General Data Protection Regulation (GDPR) and the EU Artificial Intelligence Act (AI Act).
Conclusion
The EDPB’s guidelines are pivotal in shaping how organizations integrate blockchain technology while safeguarding personal data. By emphasizing early implementation of protective measures and thorough assessments, these guidelines aim to mitigate risks to individual rights and ensure compliance with GDPR. The collaboration with the AI Office further highlights the evolving landscape of data protection in the context of emerging technologies.
References
[1] https://www.edpb.europa.eu/news/news/2025/edpb-adopts-guidelines-processing-personal-data-through-blockchains-and-ready_en
[2] https://www.freevacy.com/news/edpb/edpb-to-work-with-ai-office-on-new-gdpr-and-ai-act-interplay-guidelines/6311
