[dullgiulio]

Not just a public blockchain, any blockchain. Say an employee leaves, they should have the right to have records removed. The internal Enterprise Blockchain doesn't allow that.

But because of hype, every big company has to have some sort of blockchain somewhere, for no good reason. The EU will get a lot of bad publicity while actually doing something very reasonable.

[GlitchMr]

Huh? If that was the case, it would go a bit too far, as it would make technologies like e-mail or git illegal to use internally, considering those are likely to have a real name of a person who sent an e-mail/committed.

[vertex-four]

Git history can be modified, as can email headers, but yeah - the law is more about e.g. disciplinary records, stuff stored on your section of the company file server, and other things which the company really has no legitimate use for once you’ve left.

In practice, the best solution to this is for companies to check over their data retention policies and making sure they’re not holding on to data for longer than they need to - which may involve creating processes to take information out of emails and put it somewhere more structured/permanent - rather than being blindsided with a request without the infrastructure to handle it. The best response, after all, is “we deleted/modified that data so as to comply with your request already”, rather than “we’ll be back to you once we’ve read through your 50,000 emails and decided which ones we need to keep”.

[adventured]

> because of hype, every big company has to have some sort of blockchain somewhere, for no good reason.

Fortunately that's not actually the case. Amusingly, it's nothing more than hype that every big company is actively using blockchain somewhere. Most of the Fortune 500 could care less from what I've seen of press releases and a couple hundred quarterly reports over the last two years. Blockchain is meaningless to their businesses for now because it's still not being used for anything of consequence to them. There are a few exceptions, most of which are in finance.

[geocar]

> Say an employee leaves, they should have the right to have records removed.

Not exactly. They have the right to be forgotten which is slightly different, and the company has certain rights to keep those records. Recital 65 is quite broad and allows a company to remember that it hired (or fired) someone because it may need this information to protect against legal claims, or to pay taxes correctly (i.e. another legal obligation). It would seem to permit private blockchains, and (at least in some cases) public blockchains.

http://www.privacy-regulation.eu/en/recital-65-GDPR.htm