The European General Data Protection Regulation (GDPR) comes into effect on 25th May 2018. This paper assesses if and how the GDPR applies to public and private or consortium blockchains. The paper focuses on the crucial question of whether blockchains fall within the scope of GDPR, especially if personally identifiable information is processed. The paper proposes that this is most likely true and that with public blockchains the data is not simply anonymous. Finally, the paper describes the main obligations and requirements under the GDPR by which blockchain companies must abide.