New EU privacy law, General Data Protection Regulation (GDPR), set to take affect in May 2018 goes against one of blockchain technologies biggest selling points.

Altering data “just doesnt work on a blockchain,” said John Mathews, the chief finance officer at Bitnation. “Blockchains are by their nature immutable,” says Mathews. “The GDPR says you must be able to remove some data, so those two things don’t square off.”

Blockchain Could Face Fines for Non-Compliance

Any blockchain projects that store user data could face sanctions if they don’t align with GDPR standards. Sanctions could be fines of up to €20 million or 4 percent of global revenues. This could lead businesses, that otherwise would have started using blockchain, to take alternative data security measures.

GDPR May Negate Innovation

Many in the data-security industry agree that blockchain has the potential to make big changes. If GDPR stands in its way though, progress towards a useful and decentralized data solution may be delayed. The new privacy law is based on the framework of data security of tools that existed prior to blockchain. Jutta Steiner, the founder of decentralized tech company Parity.io, says “GDPR needs a proper review.”

The regulators responsible for GDPR didn’t account for the way public decentralized network architecture works. There is no such thing as the deletion of personal data. While this may be concerning to policy-makers, in some cases it provides better data security and privacy.