Lesson 7: Responsibilities for Builders and Protocols

Being GDPR-compliant isn’t just about avoiding fines. It’s about proving that you care about your users and their data. That means implementing data protection by design and by default.

You’ll need to minimise data collection, limit access, use encryption, and document everything. You must also be ready for audits and build governance structures that enable compliance, even in decentralised networks.

International data transfers are a huge risk. If your protocol broadcasts data to nodes in third countries, you might need to implement safeguards like Standard Contractual Clauses or assess foreign surveillance risks. Even passive replication counts!

Reading: EUCI GDPR Booklet – Security, Governance & International Transfers (Sections VIII–IX)