“Guardtime’s VOLTA product presents a path to GDPR certification that really stands out in today’s marketplace”
Michael J Morrissey, President & CEO International Insurance Society.

General Data Protection Regulations (GDPR)

In December 2016, the EU Parliament and Council agreed upon the General Data Protection Regulations (GDPR), to go into effect on May 25, 2018. These regulations introduce tough new legal requirements for companies relating to privacy and data protection of the personal data owned by EU individuals.
Although many companies have already adopted privacy processes and procedures consistent with existing privacy directives, GDPR contains a number of legal requirements and new protections for EU data subjects and threatens significant fines and penalties for non-compliant data controllers and processors once it comes into force.
“With solid common standards for data protection, people can be sure they are in control of their personal information. And they can enjoy all the services and opportunities of a Digital Single Market.”
Andrus Ansip, Vice-President for EU DSM.

With new obligations on such matters as data subject consent, citizens’ rights, data anonymization, breach notification, trans-border data transfers, continuous monitoring and documentation, and appointment of data protection officers, to name a few, the GDPR requires companies handling EU citizens’ data to undertake major operational reform to ensure continued legal processing of personal data.

VOLTA – a Solution for GDPR

Guardtime has received many similar comments from leading institutions relating to GDPR. While there was a developing market in advisory services relating to GDPR, once an initial risk assessment had been taken, there was a noticeable lack of solutions on offer that give a clear path for a company to become GDPR compliant.
Taking the viewpoint that the management of personal data is another example of a problem space where innovative data management technology could be used, Guardtime has developed VOLTA, its solution for GDPR.
“Many vendors will offer risk assessments and advisory guidelines - Guardtime is the first to offer a complete software solution.  Our solution is the answer for organizations that are wrestling with GDPR and need a fast pragmatic solution that works with legacy systems and meets an acceptable minimum from  EU regulators.
Mike Gault, CEO of Guardtime.

VOLTA is designed to support the rigorous governance and compliance processes for managing personally identifiable information (PII), targeted by GDPR.
Today, personal data is typically held on many disparate systems and affects multiple workflows (i.e. applications, processes, and services). Integrating these disparate systems is a major challenge for tracking PII use. VOLTA takes a pragmatic approach to integration: firstly, by supporting a wide range of interfaces for integration, and secondly by enabling a user-defined extendible interface for company policies.

All GDPR events associated with PII across the organization (i.e. consent, access, modification, copy etc.) are tracked in VOLTA and anchored in the KSI blockchain.

Reporting

In addition to tracking the events offers role-based GDPR reports against the VOLTA database. In compliance with GDPR, VOLTA can produce high or low-level reports depending on the context. These reports are suitable for the Data Protection Officer (DPO), management, external auditors, regulators, and the individual.
VOLTA contains all PII data events exposed to the system, signed and time-stamped, enabling correlation and frequency analysis on usage patterns (to flag misuse for example). With KSI verification running continuously in background, any data tampering can be notified and reported in near real-time.

Next Steps

Guardtime believes that its VOLTA product is a pragmatic solution to GDPR for many companies, especially for those companies whose personal data is spread across multiple systems and locations
In addition to providing compliance with GDPR, and the pathway to a GDPR compliant certification, VOLTA provides a continuous personal data compliance and over watch service, reducing the requirements for external audits, and providing the tools to flag bespoke data misuse and data tampering events for a company.

For more information please contact David Shorthouse, Product Manager for GDPR and download the attached whitepaper.