This paper aims to explore a paradoxical situation, asking whether it is possible to reconcile the immutable ledger known as blockchain with the requirements of the General Data Protection Regulations (GDPR), and more broadly privacy and data protection.,This paper combines doctrinal legal research examining the GDPR’s application and scope with case studies examining blockchain solutions from an archival theoretic perspective to answer several questions, including: What risks are blockchain solutions said to impose (or mitigate) for organizations dealing with data that is subject to the GDPR? What are the relationships between the GDPR principles and the principles of archival theory? How can these two sets of principles be aligned within a particular blockchain solution? How can archival principles be applied to blockchain solutions so that they support GDPR compliance?,This work will offer an initial exploration of the strengths and weaknesses of blockchain solutions for GDPR compliant information governance. It will present the disjunctures between GDPR requirements and some current blockchain solution designs and implementations, as well as discussing how solutions may be designed and implemented to support compliance. Immutability of information recorded on a blockchain is a differentiating positive feature of blockchain technology from the perspective of trusted exchanges of value (e.g. cryptocurrencies) but potentially places organizations at risk of non-compliance with GDPR if personally identifiable information cannot be removed. This work will aid understanding of how blockchain solutions should be designed to ensure compliance with GDPR, which could have significant practical implications for organizations looking to leverage the strengths of blockchain technology to meet their needs and strategic goals.,Some aspects of the social layer of blockchain solutions, such as law and business procedures, are also well understood. Much less well understood is the data layer, and how it serves as an interface between the social and the technical in a sociotechnical system like blockchain. In addition to a need for more research about the data/records layer of blockchains and compliance, there is a need for more information governance professionals who can provide input on this layer, both to their organizations and other stakeholders.,Managing personal data will continue to be one of the most challenging, fraught issues for information governance moving forward; given the fairly broad scope of the GDPR, many organizations, including those outside of the EU, will have to manage personal data in compliance with the GDPR. Blockchain technology could play an important role in ensuring organizations have easily auditable, tamper-resistant, tamper-evident records to meet broader organizational needs and to comply with the GDPR.,Because the GDPR professes to be technology-neutral, understanding its application to novel technologies such as blockchain provides an important window into the broader context of compliance in evolving information governance spaces.,The specific question of how GDPR will apply to blockchain information governance solutions is almost entirely novel. It has significance to the design and implementation of blockchain solutions for recordkeeping. It also provides insight into how well “technology-neutral” laws and regulations actually work when confronted with novel technologies and applications. This research will build upon significant bodies of work in both law and archival science to further understand information governance and compliance as we are shifting into the new GDPR world.

中文翻译：

---

“世界边缘与无限可能性之间的界限”

据说区块链解决方案给组织处理受GDPR约束的数据带来了哪些风险（或减轻了风险）？GDPR原则与档案理论之间有什么关系？这两套原则如何在特定的区块链解决方案中保持一致？归档原理如何应用于区块链解决方案，以便它们支持GDPR合规性？这项工作将初步探索区块链解决方案用于GDPR合规信息治理的优缺点。它将介绍GDPR要求与当前一些区块链解决方案设计和实现之间的脱节，并讨论如何设计和实施解决方案以支持合规性。从可信任的价值交换（例如，加密货币）的角度来看，记录在区块链上的信息的不变性是区块链技术的一个与众不同的积极特征，但如果无法删除个人身份信息，则可能使组织面临违反GDPR的风险。这项工作将有助于理解如何设计区块链解决方案以确保符合GDPR，这对于希望利用区块链技术的力量以满足其需求和战略目标的组织可能具有重大的实际意义。法律和商业程序等区块链解决方案也已广为人知。对数据层的了解要少得多，以及它如何在像区块链这样的社会技术系统中充当社会与技术之间的接口。除了需要对区块链的数据/记录层和合规性进行更多研究之外，还需要更多的信息治理专业人员可以在这一层上为他们的组织和其他利益相关方提供输入。管理个人数据将继续成为信息治理发展中最具挑战性，最棘手的问题之一；鉴于GDPR的范围相当广泛，因此许多组织（包括欧盟以外的组织）都必须按照GDPR来管理个人数据。区块链技术在确保组织易于审核，防篡改，篡改证据记录以满足更广泛的组织需求并符合GDPR。，因为GDPR自称是技术中立的，因此了解其在区块链等新技术中的应用为在不断发展的信息治理中更广泛的合规环境提供了重要的窗口GDPR将如何应用于区块链信息治理解决方案的特定问题几乎是全新的。这对于记录保持的区块链解决方案的设计和实现具有重要意义。它还提供了在遇到新技术和新应用时“技术中立”的法律法规实际如何运作的见解。