Certified Information Privacy Professional – Europe (CIPP/E) — Question 262

Since blockchain transactions are classified as pseudonymous, are they considered to be within the material scope of the GDPR, or outside of it?

Answer options

• A. Outside the material scope of the GDPR, because transactions do not include personal data about data subjects in the European Union.
• B. Outside the material scope of the GDPR, because transactions are for personal or household purposes.
• C. Within the material scope of the GDPR to the extent that transactions include data subjects in the European Union.
• D. Within the material scope of the GDPR but outside of the territorial scope, because blockchains are decentralized.

Correct answer: C

Explanation

The correct answer is C because blockchain transactions that involve individuals in the EU fall under the GDPR's material scope, even if they are pseudonymous. Options A and B are incorrect as they incorrectly state that blockchain transactions are exempt due to the absence of personal data or their nature. Option D is also incorrect since it misrepresents the applicability of GDPR based on the decentralized aspect of blockchains.