We are developing a mobile app where we scan documents, ask for data in forms and use blockchain.
We want to make sure we comply with GDPR. Especially around:
-data retention, is hashing data enough?
-anonymized vs pseudonymized. Are we understanding it correctly?
-data access by personell. Is it ok that developers and database admin can see some of the data
-how to know when data is misused, mis-accessed, or breached
-are we a data processor or controller?