Clifford Chance

The Personal Data Protection Commission (PDPC), Singapore's main authority body for administering the Personal Data Protection Act (PDPA) , has published a guide on personal data protection considerations for blockchain design to help organisations with blockchain adoption by clarifying how to comply with the PDPA when deploying blockchain applications to ensure more accountable management of customers’ personal data.

The guide covers:

• policy considerations and risks associated with writing personal data on both permissionless and permissioned blockchains; and
• considerations for data protection by design (DPbD) approaches with respect to the storage and transmission of personal data on blockchains.

The guide also recommends that operators of blockchain consortia implement a data protection management programme (DPMP), in order to establish a robust data protection infrastructure within consortia and demonstrate that the consortia and their participants are accountable for their customers’ personal data.

The Guide does not attempt to be a comprehensive reference or prescribe specific implementations for blockchain applications. Instead, it provides organisations with a broad set of principles and considerations in designing and configuring their blockchain applications to be PDPA-compliant. 

The recommendations set out in this Guide also do not ensure compliance with other data protection or privacy laws, such as the European Union General Data Privacy Regulations (GDPR).

The PDPC have also published an acccomanying inforgraphic to explain  the key takeaways from the guide.