GDPR Compliant Blockchains – A Systematic Literature Review

Although blockchain-based digital services promise trust, accountability, and transparency, multiple paradoxes between blockchains and GDPR have been highlighted in the recent literature. Some of the recent literature also proposed possible solutions to these paradoxes. This article aims to conduct a systematic literature review on GDPR compliant blockchains and synthesize the findings. In particular, the goal was to identify 1) the GDPR articles that have been explored in prior literature; 2) the relevant research domains that have been explored, and 3) the research gaps. Our findings synthesized that the blockchains relevant GDPR articles can be categorized into six major groups, namely data deletion and modification (Article 16, 17, and 18), protection by design by default (Article 25), responsibilities of controllers and processors (Article 24, 26, and 28), consent management (Article 7), data processing principles and lawfulness (Article 5,6 and 12), and territorial scope (Article 3). We also found seven research domains where GDPR compliant blockchains have been discussed, which include IoT, financial data, healthcare, personal identity, online data, information governance, and smart city. From our analysis, we have identified a few key research gaps and present a future research direction.