UC Law Science and Technology Journal


The European General Data Protection Regulation (GDPR) embodies a set of enforceable data subject rights, data controller and processor obligations, and compliance requirements. The GDPR outreach is extraterritorial and impacts US blockchain-based businesses that collect and process personal data of individuals from the EU. Given the ambiguities of the law itself surrounding what is considered as personal data on blockchain, and who data controllers and processors are, this research examines the corporate governance response to the GDPR as a bottom-up solution for compliance. To secure the sustainability of the business models based on blockchain solutions there is an immediate need to revisit traditional agency theory of corporate governance. Modern theory of corporate governance must inevitably integrate Corporate Social Responsibility and Environmental, Social, and Governance standards into its policies and procedures to mitigate risks and hedge against breaches of data security and privacy.