GDPR (General Data Protection Regulation)
The General Data Protection Regulation is the European Union's comprehensive data protection law that came into force in May 2018, establishing strict requirements for collecting, processing, storing, and deleting personal data of EU residents, with extraterritorial application to any entity processing EU personal data regardless of location.
GDPR grants individuals rights including access to their data, rectification of inaccuracies, erasure (right to be forgotten), data portability, and objection to processing. Organizations must implement privacy by design, maintain data processing records, conduct impact assessments for high-risk processing, appoint data protection officers, and report breaches within 72 hours. Violations can result in fines up to 20 million euros or 4% of global annual revenue.
GDPR creates fundamental tensions with public blockchain architecture. Blockchain's immutability conflicts with the right to erasure since on-chain data cannot be deleted. Wallet addresses and transaction histories may constitute personal data when linked to identifiable individuals, creating compliance obligations for blockchain infrastructure operators. Solutions include storing only hashed or encrypted data on-chain with off-chain personal data storage, using permissioned blockchains with selective data access, or implementing zero-knowledge proofs enabling verification without exposing underlying personal information. The EU's eIDAS 2.0 and EUDI Wallet frameworks attempt to reconcile blockchain benefits with GDPR privacy requirements through cryptographic selective disclosure.
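The first option above (hashed data on-chain, personal data off-chain), as an added Python example that is not part of the original entry. An unsalted hash of low-entropy personal data such as an email address can be matched by anyone who guesses the value, so the example anchors an HMAC under a random per-record key that is kept off-chain and deleted together with the data. The `ledger` list, the `off_chain` dict, the function names and the sample address are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed stand-ins; names and record layout are assumptions for illustration.
ledger = []        # stands in for the append-only chain: entries are never removed
off_chain = {}     # erasable store: record_id -> (per-record key, personal data)


def anchor_plain(personal_data: bytes) -> str:
    """Weak variant: unsalted SHA-256 of the personal data goes on-chain."""
    digest = hashlib.sha256(personal_data).hexdigest()
    ledger.append(digest)
    return digest


def anchor_keyed(record_id: str, personal_data: bytes) -> str:
    """Keyed variant: HMAC-SHA256 under a random per-record key kept off-chain."""
    key = secrets.token_bytes(32)
    off_chain[record_id] = (key, personal_data)
    commitment = hmac.new(key, personal_data, hashlib.sha256).hexdigest()
    ledger.append(commitment)
    return commitment


def verify(record_id: str, commitment: str) -> bool:
    """Recompute the commitment from off-chain data; False once the record is erased."""
    entry = off_chain.get(record_id)
    if entry is None:
        return False
    key, personal_data = entry
    expected = hmac.new(key, personal_data, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, commitment)


def erase(record_id: str) -> None:
    """Erasure request: delete the data and its key; the ledger entry stays."""
    off_chain.pop(record_id, None)


def linkable_by_guessing(on_chain_value: str, candidates: list[bytes]) -> bool:
    """Audit check: does a plain hash of any candidate value match the on-chain entry?"""
    return any(hashlib.sha256(c).hexdigest() == on_chain_value for c in candidates)
```

After `erase`, the ledger entry is still present but can no longer be recomputed from anything the operator holds.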