As personal data protection evolves, natural persons, as owners of their personal data, regain control of the data processing processes performed by controllers and processors. The General Data Protection Regulation (Regulation (EU) 2016/679) respects and upgrades the level of personal data protection already achieved, but that does not mean that it revolutionises this field. Blockchain technology, however, can be said to be revolutionary, having the power of transferring control over the processing of personal data by monopoly institutions to the hands of natural persons, by establishing digital trust. The master's thesis shows how technology and law can be interconnected and not mutually impeding.
The central hypothesis of the master's thesis is that the fear of incompatibility of the new technology with the rules of personal data protection, is unfounded. At first glance, some of the features of blockchain technology seem to be in conflict with the fundamental principles and rights conferred on natural persons by the GDPR. Its wording is technologically neutral, because social relationships change and develop faster than the law is written. The provisions of the GDPR should be read in the light of its objective, purpose, and fundamental principles. Understanding this, many obstacles to the implementation of personal data processing prove to be non-existent, which is specifically illustrated by the case of digitised Estonia, where citizens have the possibility of e-commerce with the state administration and e-health services through blockchain technology. Not only are technology and the law of personal data protection not contradictory concepts, but the latter can even be enhanced through technology.