Toward a GDPR Compliant Blockchain Governance Framework

Abstract

Recent research has highlighted multiple incompatibilities between blockchain technology and the General Data Protection Regulation (GDPR) regarding data controller and data deletion. Such incompatibilities impede the adoption of blockchain technology on a larger scale. This paper aims to resolve these incompatibilities, exploring the issues that need to be considered while developing a GDPR compliant blockchain governance framework. We collected data using 20 semi-structured interviews and discussions from 18 different IT companies involved in blockchain-based service development. We analyzed the data using the Gioia approach. We identified three major governance dimensions that must be considered for GDPR compliant blockchain services, namely community, blockchain protocol, and compliance; each of which has several sub-dimensions. Our study extends prior governance frameworks, suggesting the guidelines to comply with GDPR requirements. This guidelines might help organizations to build a GDPR compliant blockchain business model. Based on our findings, we also put forward directions for future inquiry.