Data protection
The practice and legal requirements for safeguarding personal data: consent, minimisation, secure storage and breach notification. The major regimes are GDPR in the EU and 152-FZ in Russia.
Aliases: data protection, personal data protection
Data protection is the body of practices and legal rules governing how organisations collect, store and use information about people.
Core principles
- Consent and lawfulness. Data is processed on a lawful basis.
- Minimisation. Only the necessary minimum is collected.
- Secure storage. Encryption, access control, breach prevention.
- Breach notification. When data is compromised, the regulator and the subjects are informed.
Major regimes
- GDPR — the EU’s strictest and most influential standard.
- 152-FZ — Russia’s personal-data law.
- Local laws in the US, the UK and other countries.
Crypto and TON angle
A blockchain is pseudonymous, not anonymous: addresses are public and the transaction graph is visible to everyone. That shapes data protection:
- Linking an address to an identity (via KYC at an exchange) de-anonymises the entire history.
- On-chain data cannot be deleted — which conflicts with the right to erasure.
- That is why personal data is kept off-chain, with only hashes or references written on-chain.
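The off-chain pattern from the last bullet, as an added example that is not part of the original entry. `OffChainStore`, the record id and the sample e-mail are constructed for illustration, the returned digest stands for whatever value would be written on-chain, and no TON API is used. It also shows a caveat: a bare hash of low-entropy personal data can be confirmed by anyone holding a list of candidate values, so the commitment is keyed with a per-record random value that lives only off-chain.

```python
import hashlib
import hmac
import secrets


def commitment(key: bytes, personal_data: bytes) -> str:
    """Keyed digest (HMAC-SHA256); this hex string is the only thing meant for the chain."""
    return hmac.new(key, personal_data, hashlib.sha256).hexdigest()


class OffChainStore:
    """Constructed stand-in for the off-chain database that holds the personal data."""

    def __init__(self):
        self._records = {}  # record_id -> (per-record key, personal data)

    def put(self, record_id: str, personal_data: bytes) -> str:
        key = secrets.token_bytes(32)  # never leaves the off-chain store
        self._records[record_id] = (key, personal_data)
        return commitment(key, personal_data)

    def verify(self, record_id: str, on_chain: str) -> bool:
        rec = self._records.get(record_id)
        return rec is not None and hmac.compare_digest(commitment(*rec), on_chain)

    def erase(self, record_id: str) -> None:
        # Removes data and key; the on-chain digest stays but can no longer be recomputed.
        self._records.pop(record_id, None)


def confirmable_from_candidates(on_chain: str, candidates) -> bool:
    """True if hashing a candidate value alone reproduces the on-chain digest."""
    return any(hashlib.sha256(c).hexdigest() == on_chain for c in candidates)


def demo() -> dict:
    data = b"alice@example.com"  # constructed sample value
    candidates = [b"bob@example.com", b"alice@example.com"]
    store = OffChainStore()
    keyed = store.put("rec-1", data)
    result = {
        "bare_hash_confirmable": confirmable_from_candidates(
            hashlib.sha256(data).hexdigest(), candidates),
        "keyed_hash_confirmable": confirmable_from_candidates(keyed, candidates),
        "verifies_before_erase": store.verify("rec-1", keyed),
    }
    store.erase("rec-1")
    result["verifies_after_erase"] = store.verify("rec-1", keyed)
    return result


if __name__ == "__main__":
    print(demo())
```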
This is general information, not legal advice; specific requirements depend on the jurisdiction and can change.