The European Data Protection Board adopted draft guidelines on the processing of personal data using blockchain technologies at its April plenary session. The guidelines are open for public consultation until 9 June 2025 on the Board’s website.
The use of blockchain technologies is increasing, which is why the Data Protection Council considers it important to support organizations using these technologies in complying with data protection regulations. The new guidance assesses how different ways of building a blockchain system affect the processing of personal data.
The Finnish Data Protection Council provides examples of different techniques for minimising personal data and for processing and storing data in the guidance. The guidance emphasises that the necessary technical and organisational measures to protect personal data must be put in place already when the processing of personal data is planned.
The planning should also assess the roles and responsibilities of the different actors involved in the processing of personal data. If the planned processing of personal data is likely to result in a high risk to people’s rights, the organisation should carry out a data protection impact assessment before commencing the processing. The guidance also reminds that personal data must be carefully protected throughout the processing so that the data is not automatically made available to everyone without restrictions. The guidance also emphasises the need to take people’s rights into account.
The draft guidelines are available for consultation on the Data Protection Council’s website in English: Guidelines 02/2025 on processing of personal data through blockchain technologies