On May 25th, 2018 a new privacy law took effect with Europe. The GDPR or General Data Protection Regulations, and it gives EU citizens control over who control buttons their personal data and over what happens with it. It's the why you are bombarded with popups asking your permission to build up and process your personal data. It's the same reason this e-mail newsletters ask you if you're still interested in them all and why a lot of companies are suddenly making it easier to grab a copy of the data they have on you.

Companies from all over the world will work quickly to make sure they are GDPR compliant because otherwise, some people face the risk of paying heavy fines. However , Blockchain concept is changing everything so what happens when a blockchain possesses personal data? The problem with the data on blockchains is that it is:

Open
Transparent
Immutable ie. data stored at a blockchain cannot be changed or erased.
These are properties for this technology that cannot be changed and at the same time, doesn't look wonderful for enforcing privacy.
Understanding the General Data Protection Legislations

Before we dive into the compliances of the GDPR let understand a few commonly used terminologies:

Data Controllers - Depending on EU law, companies that store your data are named data controllers. Common examples would be Facebook, Google, Iphone etc .
Data Processors - Companies that work with your data to analyze it are known as data processors. For example , The major search engines Analytics, Moz Analytics, Socialblade etc .
In most cases, the Data operator and the Data processor is the same entity, however , the duty of complying with the GDPR lies with the Data remote. Let's also make a note here, that the GDPR is only around play when the personal data of EU citizens are participating. Any company storing information of EU citizens have to go through the regulation, including Facebook or Apple.
EU law state governments that personal data is any information relating to an founded or identifiable natural person ('data subject'); an in line with natural person is one who can be identified, directly or indirectly, acquire by reference to an identifier such as a name, an individuality number, location data, an online identifier or to one or more issues specific to the physical, physiological, genetic, mental, economic, personal or social identity of that natural person. This is a extended definition, which essentially means any data such as some sort of IP address, a Bitcoin wallet address, a credit card or any transaction, if it can be directly or indirectly linked to you, it can be defined as particular data.

The 3 GDPR Articles that conflict with Blockchain properties

There are three articles in GDPR namely Reports, 16, 17 and 18 that make life difficult to get companies that are planning to use a distributed ledger network for carrying out their business.

Article 16: This article in the GDPR allows EU citizens to correct or change data a data controller has on you. Not only can you change existing information that they have on you but you can also add new data if you feel that current data is inaccurate or incomplete. The problem is, from a distributed network, adding new data isn't a problem however , changing it - is.
Article 17: This article refers to the "right to be forgotten". It's not possible to delete info from a blockchain and therefore this article immediately conflicts with the files protection regulation.
Article 18: This article refers to the "right towards restrict processing". Basically, this prevents companies from along with your data if the data is inaccurate or if it was initially illegally collected.
One of the major concerns ofa blockchain may be the fact they are completely open, so anyone can get a copy to your data and do anything they want with it. So , you don't have every control over who is processing your data.
Possible solutions pertaining to co-existence!

Encryption - A popular solution would be to encrypt own data before storing it on a distributed network. So this means, only those with the decryption key have access to the data. Now this key is destroyed, the data becomes useless. This is satisfactory in some countries such as the UK however , there are others who seem to argue that strong encryption is still reversible. With advances in scheming, it's only a matter of time when encryption could be ruined at faster rates and the personal data would be out there again. The debate for encryption still rages regarding.

Permission Blockchains - In a public chain, anyone will put new data on the chain and the data is seen for everyone to see. However , in a permission blockchain, access is certainly controlled and only given to a few known and trusted people. This makes permission distributed network Article 18 compliant. However , unfortunately, it doesn't comply with Article 17, and the right to get forgotten. Even in a permission chain, the data is still immutable and cannot be deleted or edited. A possible solution to great to store the data on a secure server with read and even write access. We then store a reference to of which data on our blockchain via a link using a hash operate. We can store this hash on the blockchain. Hash operates are popular for verifying the integrity of the archives on our secure server. Also, hash functions cannot be turn back engineered to reveal data. If we delete the data on the equipment, the hash function becomes useless and is no longer is personal data.