CEN - PWI: Guidelines and Best Practices for processing Personal Data using Blockchain and DLT
Cybersecurity and applied game theory
Data Provenance
Identity Management
DLT as trust anchor infrastructure
DLT-based profile aligned with eIDAS
Blockchain technology presents unique challenges for data protection, GDPR compliance, and privacy due to its immutable and decentralised nature. Currently, no European standard exists to provide guidelines for processing personal identifiable information (PII) using blockchain and DLT systems in compliance with the GDPR and other applicable European regulations. The CEN/CLC JTC 19/WG 3 working group was established to fill this gap, with the new European standard providing technical and organisational measures to align blockchain applications with European privacy regulations.
By harmonising efforts with ISO TC307/JWG4, this initiative ensures that blockchain privacy standards reflect European regulatory requirements while remaining globally interoperable. This work supports the European Commission Rolling Plan for ICT Standardisation, particularly in data governance, privacy, and cybersecurity, enabling trustworthy blockchain adoption for businesses, regulators, and consumers.
This project contributes directly to developing CEN/CENELEC JTC19 WG3's first standard: EN XXX – Guidelines on processing PII using blockchain and DLT. This work builds on DIN SPEC 4997 and aims to align with relevant ICT standards, including:
• ISO/IEC 27555 – Guidelines on Identification and De-identification
• ISO/IEC 27001 – Information Security Management Systems
• ISO TC307 – Blockchain and DLT governance and privacy
By bridging the gap between blockchain’s decentralised nature and EU data protection laws, this standard will ensure privacy compliance, legal clarity, and interoperability. It will also support European regulators, businesses, and policymakers in adopting secure, privacy-preserving blockchain applications.
SMEs often struggle with GDPR compliance in blockchain, leading to high costs and legal uncertainty. This standard will provide clear technical guidelines, reducing compliance burdens and fostering trust in blockchain-based identity, finance, and data management solutions.
By ensuring interoperability and legal certainty, SMEs can confidently integrate blockchain into cross-border business operations, benefiting from a harmonised European regulatory framework. The project also helps lower entry barriers, enabling SMEs to innovate, compete, and expand securely within the EU Digital Single Market.
The standard enhances data protection and privacy rights by ensuring blockchain aligns with European legal frameworks. Citizens will gain greater control over their personal data, promoting secure digital identity solutions and trustworthy blockchain applications.
The project also aims to mitigate risks such as data misuse, re-identification, and surveillance concerns. By setting a privacy-by-design approach, blockchain technology can serve societal interests ethically and transparently. This fosters public trust in digital services, strengthening Europe’s leadership in responsible blockchain governance.
Co-Project Leader for "Digital Currencies - Vocabulary"
Blockchain and cross-domain interaction
The project addresses the critical gap in standardised terminology for digital currencies, ensuring consistency across financial and blockchain ecosystems. By creating a harmonised vocabulary, it aligns with European priorities for financial innovation, interoperability, and regulatory clarity. This work supports the Digital Single Market Strategy by enhancing cross-border transactions, compliance, and financial transparency. Additionally, it contributes to the Rolling Plan for ICT Standardisation, aligning digital currency standards with EU regulations such as MiCA (Markets in Crypto-Assets Regulation). The lack of a unified terminology has hindered adoption, legal certainty, and cross-sector communication.
This initiative strengthens Europe's role in global digital finance and blockchain governance, supporting financial institutions, policymakers, and businesses in adopting secure, interoperable, and legally sound digital currency solutions.
The project directly contributes to the ISO TC68/JWG1 "Digital Currency: Vocabulary" standard, which is essential for global financial and blockchain standardisation. By defining and structuring key terms, it ensures clarity for financial institutions, regulators, and technology providers working with digital currencies. This work aligns with ISO/TC 68/JWG 1 efforts on Blockchain and DLT and fosters interoperability between traditional financial systems and emerging digital assets. The vocabulary provides a foundation for further technical and regulatory standards, reducing ambiguity in smart contracts, cross-border payments, and digital asset classification. The outcome strengthens EU standardisation strategies, ensuring that Europe remains at the forefront of digital financial infrastructure while reinforcing global competitiveness in blockchain and DLT innovation.
SMEs benefit from this project by gaining clear, standardised terminology that simplifies access to blockchain and digital finance. Many SMEs struggle with the complexity of digital assets and regulatory compliance—this vocabulary enables them to navigate these challenges more effectively. By reducing legal uncertainty and ensuring interoperability, it lowers entry barriers for startups and fintech companies innovating in digital payments, tokenisation, and DeFi (Decentralised Finance). The standardised terminology fosters a more inclusive, accessible financial ecosystem, allowing SMEs to adopt blockchain solutions with greater confidence and security.
A standardised vocabulary for digital currencies enhances transparency, security, and trust in blockchain-based financial transactions. This benefits consumers, businesses, and regulators by ensuring clear, unambiguous definitions of digital financial instruments. The project supports financial inclusion by making digital assets more accessible and understandable, particularly for new users and underserved populations. It also helps in consumer protection, aligning terminology with EU regulatory frameworks to prevent fraud and misinformation. Ultimately, it contributes to the safe, responsible, and sustainable adoption of digital currencies in Europe and beyond.
Bio
Christian Grafenauer is the Convener of CEN/CENELEC JTC19 WG3, focusing on developing European standards for Personal Identifiable Information (PII) processing in Blockchain and Distributed Ledger Technology (DLT). His leadership aims to align blockchain privacy frameworks with GDPR, enhancing legal certainty and interoperability across sectors.
Christian's expertise extends to blockchain technology, data protection, and the implementation of GDPR-compliant solutions. He authored "Privacy by Blockchain Design," now advancing as a CEN standard, and has actively contributed to ISO TC307. His involvement with ANEC in CEN JTC21 working groups underscores his commitment to consumer protection and privacy in digital technologies.
Currently, Christian spearheads EN XXX – Guidelines for PII processing using blockchain and DLT, facilitating collaboration between regulators, industry experts, and technical committees to establish privacy-preserving blockchain practices and harmonise privacy standards across Europe. His efforts are pivotal in fostering secure, compliant, and ethical blockchain adoption.

Title & Organisation Name: Blockchain, AI & Privacy Standardisation Expert at DIN Verbraucherrat e.V. (Deutsches Institut für Normung)
Country: Germany