Blockchain and the General Data Protection Regulation: Healthcare Data Processing

The General Data Protection Regulation (GDPR) of the European Union became binding in May 2018. The objective of the GDPR is essentially twofold. On the one hand, it seeks to facilitate the free movement of personal data between the various EU Member States, and, on the other hand, it establishes a framework for the protection of fundamental rights, based on the right to data protection as set out in Article 8 of the Charter of Fundamental Rights. The European Parliament has declared that the Blockchain must be considered a "tool that strengthens the autonomy of citizens by giving them the opportunity to control their data and decide which ones to share in the register, as well as the ability to choose who can see such data”, thus favoring the transparency of transactions. Blockchain (or distributed register technology – DLT) technologies and their potential for the European Union’s digital single market have been widely discussed in recent years. It has been argued that blockchain technologies could be a suitable tool to achieve some of the goals of GDPR. Blockchains can be designed to allow data sharing, and improve transparency on data access. This study analyzes the relationship between blockchain and GDPR, to highlight existing problems and study possible solutions in relation to the processing of health data.