Ensuring privacy in decentralized systems remains one of the key unresolved challenges in digital credentialing. This article explores the GAVIN project (GDPR-Compliant Blockchain-Based Architecture for Universal Learning, Education and Training Information Management), a research initiative developed by Atlanttic, (University of Vigo) supported by the Spanish Ministry of Science and Innovation and funded by the European Union under the Next Generation EU program. GAVIN aims to develop a GDPR-compliant architecture for issuing and verifying academic credentials using blockchain technology. Through an extensive legal and technical validation process, the project confronts the inherent tension between blockchain’s decentralization and immutability and the European Union’s strict data protection requirements. The article reviews relevant literature, outlines the project’s methodology, presents the system’s design, discusses legal implications, and offers conclusions for further academic and regulatory exploration, grounded in a fully GDPR-compliant model and functional prototype.