VOLTA - KSI® Blockchain-Based Solution for GDPR
In April 2016, the EU Parliament and Council agreed upon the General Data Protection Regulations (GDPR), to go into effect on May 25, 2018. These regulations introduce tough new legal requirements and fines for companies relating to privacy and data protection of the personal data owned by EU individuals.
By strengthening data protection legislation and introducing tougher enforcement measures, the EU hopes to improve trust in the emerging digital economy.
GDPR defines key new EU citizen rights regarding the usage of their personal data by companies, including the requirement for explicit consent to be given by the individual, the right to be forgotten, and the right to be informed.
GDPR requires companies that handle the personal data of EU citizens to undertake major operational reform so that they can demonstrate data privacy and protection by both design and default. Additionally, an inventory of all personal data held, its age, the processing and sharing activities, and related consents must be maintained. It must be available to the DPA or individual on demand.
VOLTA – What is it?
In response to the GDPR regulations, Guardtime has developed VOLTA, its solution for GDPR compliance. VOLTA provides compliance with the requirements of GDPR with the added benefits of trust, transparency and integrity that are inherent to a blockchain solution.
Guardtime's VOLTA product is a pragmatic solution to GDPR for many companies, especially for those companies whose personal data is spread across multiple systems and locations.
Today, personally identifiable information (PII) is held on many disparate systems and affects multiple workflows (i.e. applications, processes, and services). Integrating these disparate systems is a major challenge for tracking PII use. VOLTA takes a pragmatic approach to integration: firstly, by supporting light-touch interfaces such as CSV and REST, and secondly by enabling user-defined policies to be applied on all transactions associated with personal data handling.
All PII-related transactions within an organisation are continuously recorded by VOLTA in its database and registered in the KSI blockchain, providing an immutable history for auditors, tracking all transactions associated with each workflow.
Reporting
VOLTA offers role-based GDPR reports against the VOLTA database according to data handling policies, with data signed and verified by the KSI blockchain. This offers independent verification to users, auditors and regulators that personal data is being handled appropriately.
In compliance with GDPR, VOLTA can produce high- or low-level reports for the DPO, depending on the context, and the individual. This includes consent tracking and policy violation analytics. A REST API is available for partners and clients to create their own reports and analytics (again role-based).