Abstract

A blockchain is a peer-to-peer distributed ledger that registers cryptographically signed transactions in a sequence of blocks. Each block in the chain stores the hash of the previous block, thus creating a chain of blocks. Blockchain is thought to be immutable thanks to the properties provided by the hash function. More precisely, a blockchain can be described as a tamper-proof and tamper-evident chain of blocks. The immutability of a blockchain is undoubtedly one of its strongest features. However, the inability to change or delete data might be an undesirable feature in specific contexts and represents another challenge in the use of blockchain in those situations in which personal data are at stake. Art. 16 and Art. 17 General Data Protection Regulation (GDPR), introducing the data subject’s right to rectification and right to erasure, assumes that modifications and deletion of data are always possible. Therefore, there might be situations in which the actual deletion (or change) of data is mandatory, and the inability of doing so will result in a non-compliant system