I don’t really understand how blockchains are compatible with the GDPR’s right to be forgotten. Even a website that lets people buy bitcoin, how is that legal in Europe? They can’t remove the record of your transactions if you ask them to.
They can remove the records from all their systems and argue that the public Blockchain is outside their control.
Or maybe they argue that transactions are not personal data because they are from wallets not linkable to an individual after the company has deleted the information required to link a wallet to a person.
It should be "GDPR-compliant organisations don't use blockchain *for data protection or privacy". They might be using it for something else.
I think a lot of big companies are experimenting with those technologies.