Bitcoin transactions are based on Blockchain technology, which is said to be able to conduct anonymous transactions using pseudonyms. Although these pseudonyms do not contain any immediately evident personal data, this does not mean that data protection regulations can be disregarded for sensitive or very sensitive personal data. Since 2010/2011, it has been known that the identities behind bitcoin pseudonyms can be determined. Data contained in the transaction history can thus be attributed to actual people.
Providers of Blockchain-based cryptocurrency transactions must therefore implement the new EU General Data Protection Regulation (“EU GDPR”) by the end of May 2018 and take account of the planned reforms to the Swiss Data Protection Act (“DSG”).