The Personal Data Protection Commission (“PDPC”) recently launched the Guide on Personal Data Protection Considerations for Blockchain Design (“Guide”) to help organisations with blockchain adoption.
The Guide provides principles and considerations on how to comply with the Personal Data Protection Act 2012 (“PDPA”) when deploying blockchain applications that process personal data. It also provides guidance on data protection by design (DPbD) considerations for organisations to implement more accountable management of customers’ personal data. Specifically, it looks at:
- Considerations and recommendations for personal data on permissionless blockchain networks;
- Considerations and recommendations for personal data on permissioned blockchain networks; and
- Using off-chain approaches to further mitigate personal data protection risks on both permissionless and permissioned networks.
In its Annex, it also covers developing a data protection management programme (DPMP) for blockchain operators.
The Guide will be relevant to organisations that:
- Govern, configure and operate blockchain networks and consortia (i.e. blockchain operators);
- Design, deploy and maintain applications on blockchain networks (i.e. application service providers); and
- Use blockchain applications (i.e. participating organisations).
In this Update, we elaborate on the key points of the Guide. Although largely focused on blockchain technology, some of the Guide’s principles and recommendations may be applicable to other Distributed Ledger Technologies (DLTs) as well.