Sam Palmisano, the retired chairman of IBM in a recent interview on Bloomberg said it is hard to come up with a good solution for creating public blockchains which are fully compatible with General Data Protection Regulations (GDPR) in Europe

Blockchains are immutable, so once data has been added it cannot be changed or removed, which is in direct conflict with GDPR.

Palmisano believes that because private blockchain has more centralization, ought to be more compliant, but because public blockchains are very decentralized they struggle to be compliant with GDPR.

Queen Marys and Cambridge Universities have also raised similar concerns. A possible solution is to ensure that Blockchains do not hold personal/ private data so this information would be held off chain where such data could be removed or changed if required at some stage in the future.
https://readwrite.com/2019/03/04/how-can-blockc...compliant/