In regards to GDPR and especially the right to be forgotten (right to erasure, Article 17), is it legal to store pseudo-anonymized (hashed or encrypted) personal data in an immutable data store such as a public blockchain?
As data can never be erased or modified from a blockchain, would it still be legal due to pseudo-anonymization?
It is impossible to state whether blockchains are, as a whole, either completely compliant or non-compliant with the GDPR. Blockchains often seek to achieve decentralisation by replacing a unitary CONTROLLER with many different entities, making the allocation of responsibility and accountability almost impossible. Additionally, exercisable rights are confounded by blockchains in order to preserve so-called data integrity and trust in the technology. That said, it may be possible for private and discrete permissioned blockchains to comply with GDPR requirements but the compatibility of these technologies and the GDPR can only ever be assessed on a case-by-case basis.