The French data protection authority, Commission Nationale de l’Informatique et des Libertés (CNIL), became the first European data protection authority to issue written guidance on the intersection of the use of blockchain technology and the General Data Protection Regulation (GDPR). The CNIL guidance provides welcome clarification on how to tackle some of the inherent tensions between GDPR and blockchain, although the CNIL left open certain important issues that will require deeper analysis and explanation in the future.

In this update, we detail the new guidance and important steps for blockchain network participants in minimizing risk when relying on blockchain technology for the processing of personal data.