RGPD
On 8 April 2025, the European Data Protection Board (EDPB) published crucial guidelines on the use of blockchain in relation to the General Data Protection Regulation (GDPR). This text, regularly updated and open for consultation until 9 June 2025,
Reading time:
7 min
On 8 April 2025, the European Data Protection Board (EDPB) published crucial guidelines on the use of blockchain in relation to the General Data Protection Regulation (GDPR). This text, regularly updated and open for consultation until 9 June 2025, highlights the importance of regulating emerging technologies while respecting the fundamental rights of individuals.
Indeed, the characteristics inherent to blockchain, such as its immutability and decentralisation, pose major challenges for GDPR compliance, particularly with regard to data retention and the right to erasure. Thus, the issue of data protection within this technical infrastructure also raises questions of digital sovereignty in Europe. The EDPB's ambition is to establish an ethical and practical framework allowing innovation without giving up citizens' rights.
In this article, we will explore the challenges that blockchain poses to data protection regulation, the EDPB's recommendations for ensuring GDPR compliance, and the interaction between digital sovereignty and technological advances.
If you wish to engage a GDPR lawyer, contact me!
Blockchain is often celebrated for its technical features, such as decentralisation and immutability. Yet these very traits raise significant challenges for compliance with the General Data Protection Regulation (GDPR). The EDPB guidelines identify several major points of friction between blockchain and GDPR requirements.
First of all, the limitation of data retention constitutes a central challenge. Under Article 5(1)(e) of the GDPR, personal data must be kept for a period no longer than is necessary for the purposes for which they are processed. However, once data is recorded on a blockchain, its immutable nature makes its isolated erasure difficult, if not impossible. This directly contradicts this storage limitation requirement.
The EDPB stresses that the absence of an obvious controller or the technical irreversibility of data does not exempt blockchain actors from their responsibility towards the GDPR. The need to adopt technical and organisational solutions to manage these challenges therefore becomes essential.
The question thus arises as to how sector actors can navigate this complex environment and what recommendations can be implemented to achieve effective compliance with the GDPR while continuing to innovate.
Let's discuss your needs for 15 minutes!
In the context of the challenges mentioned above, the European Data Protection Board (EDPB) has formulated recommendations aimed at enabling compliance between blockchain and the GDPR. These guidelines, although still under consultation, offer valuable insights for sector actors seeking to navigate this complex legal landscape.
First of all, the EDPB emphasises the importance of integrating data protection principles into blockchain solutions from the design stage. This approach, known as Privacy by Design, requires systematic consideration of how personal data is collected, processed and stored. For example:
In addition, the EDPB recommends the use of emerging technologies to strengthen data protection, such as:
It is also essential to maintain good data governance. This involves:
These recommendations, although technical, address crucial issues relating to digital sovereignty and fundamental rights. As Europe strives to balance innovation and the protection of individuals, it is imperative that blockchain actors adopt these guidelines.
We will now explore how digital sovereignty shapes the future of blockchain technologies in Europe and the implications that follow.
I want reliable legal documents!
The notion of digital sovereignty has become a central issue in European policy, directly affecting the development and application of blockchain technologies. As the world becomes increasingly interconnected, concerns about data protection, security and technological independence have soared. The EU aims to build a digital space that respects the fundamental values it promotes, and blockchain is envisaged as a key tool in this quest.
One of the major aspects of this digital sovereignty lies in data governance. The EU seeks to avoid leaving the data of European citizens exposed to external legislation. Consequently, blockchain infrastructures should be located and controlled by trusted entities within the EU. This framework is essential to ensure that the GDPR rules are fully respected, particularly with regard to the international transfer of data mentioned in Chapter V of the GDPR. A blockchain ledger located outside the EU could potentially expose the data to a risk of non-compliance.
Furthermore, initiatives such as the EBSI (European Blockchain Services Infrastructure) project aim to create reliable and secure digital services, thereby strengthening the foundations of digital sovereignty. By adopting a solid legal framework and promoting technologies that respect fundamental rights, Europe aspires to become a leader in the field of ethical blockchains. A digital law lawyer can support organisations in this transition towards compliant blockchain infrastructures.
In conclusion, the way in which the EU shapes its digital sovereignty will have a decisive impact not only on compliance with the GDPR but also on the future of blockchain technologies as a whole. In doing so, the EU could lay the foundations for a model to be followed worldwide, combining innovation with respect for human rights.
To learn more
On 8 April 2025, the European Data Protection Board published guidelines on the use of blockchain with regard to the GDPR. This text, open for consultation until 9 June 2025, aims to regulate this technology while respecting the rights of individuals.
The characteristics of blockchain, such as its immutability and decentralisation, pose challenges for GDPR compliance, particularly regarding data retention and the right to erasure. Reconciling these technical properties with individuals' rights is complex.
This is one of the main challenges. The immutability of blockchain makes the deletion of data difficult, whereas the GDPR guarantees a right to erasure. The EDPB guidelines aim to propose solutions to reconcile these two requirements.
Yes. Decentralisation makes it difficult to identify a single data controller and to control the data. This complicates the application of the GDPR's obligations, which the EDPB guidelines seek to clarify.
The EDPB aims to establish an ethical and practical framework allowing innovation with blockchain without giving up citizens' rights. The objective is to regulate this emerging technology while ensuring the protection of personal data.
Yes. The protection of data within a blockchain infrastructure raises questions of digital sovereignty in Europe. Regulating this technology contributes to data control and to respect for fundamental rights within European territory.
Compliant use requires anticipating the difficulties related to immutability and decentralisation, limiting the personal data recorded on the chain, and following the EDPB guidelines. A case-by-case analysis is necessary for each project.
A data protection lawyer helps reconcile blockchain and the GDPR, qualify responsibilities, limit the risks related to immutability, and apply the EDPB guidelines. This support secures projects using this technology.
Still have questions?
Our team is available!
Have a question?

Ressources
Aller plus loin