GDPR is a regulation that requires organizations to protect the personal data and privacy of EU citizens for transactions. Any GDPR non-compliance will cost companies heavily. The EU Parliament and Council agreed upon the General Data Protection Regulation (GDPR) in December 2016, and it is effective from May 25, 2018. There is a legal requirement for companies to demonstrate privacy by design, privacy by default and lawful processing.
GDPR applies to organizations located within the EU, and to organizations located outside the EU if they offer goods or services to, or monitor the behavior of, EU customers. All companies processing and holding the personal data of customers residing in the European Union, regardless of the company’s location, will have to follow it.
GDPR has defined key new EU citizen rights regarding the usage of their personal data by companies, which are as follows:
- Informed – Right to be informed of any personal data held, of how it is used or processed, of any breach, and of any disclosure/usage to third parties.
- Consent – Right to withdraw consent or restrict the processing or sharing of their data. Explicit and unambiguous informed consent must be obtained.
- Access – Right to secure direct access to their own personal data, and to any processing, storage or sharing details.
- Correct – Right to rectify data if inaccurate or incomplete.
- Forget – Right to request the deletion or removal of personal data where there is no compelling reason for its continued processing.
- Portable – A copy of the data held may be requested by the individual in a portable format.
- Breach – Right to be informed of any data breach that risks a person’s rights and freedoms within 72 hours.
Inspira Enterprise – the leading IT solutions provider, with its Center of Excellence in Networking, Unified Communication, Cloud, Security, Blockchain, Healthcare & Smart City solutions – offers VOLTA, a solution for GDPR compliance, in association with Guardtime.
VOLTA utilizes KSI blockchain technology and provides a mechanism for companies to demonstrate privacy by design, privacy by default and lawful processing, as required for GDPR compliance, with the added benefits of trust, transparency, integrity and provenance that are inherent to a blockchain solution.
All PII (personally identifiable information) related transactions within an organization are continuously recorded by VOLTA in its database and registered in the KSI blockchain, providing an immutable history for auditors, tracking all transactions associated with each workflow.
VOLTA offers role-based GDPR compliance reports against its database according to data handling policies, with data signed and verified by the KSI blockchain. This offers independent verification to users, auditors and regulators that personal data is being handled appropriately.
Inspira, along with Guardtime, works with the client to ensure that all GDPR events associated with PII across the organization (i.e. consent, access, modification, copy etc.) are tracked in VOLTA and anchored in the KSI blockchain. By leveraging the industrial-scale, low-latency transaction registration process of KSI, VOLTA runs in near real time, offering an automated, immutable GDPR compliance service. Guardtime’s KSI blockchain provides the proof, provenance and trust required to satisfy the compliance and audit requirements of GDPR and of third parties such as regulators, auditors and the PII-affected individuals.
Today VOLTA is an intelligent solution for existing applications and services that require instrumenting for GDPR within an organization, all backed by the immutability and scale of the KSI blockchain. Workflows and processes can be instrumented with minimal integration issues, avoiding a major rewrite of existing infrastructure. Over time, deeper integration can be undertaken where appropriate to further strengthen immutability at core systems.
VOLTA offers role-based GDPR reports against the VOLTA database according to data handling policies, with data signed and verified by KSI. This offers independent verification to users, auditors and regulators that personal data is being handled appropriately.
In compliance with GDPR, VOLTA can produce reports, depending on the context and the individual. This includes consent tracking and policy violation analytics. A REST API is available for partners and clients to create their own reports and analytics (role based). The VOLTA-DB contains all PII data events exposed to the system, signed and time-stamped, enabling correlation and frequency analysis on usage patterns (to flag misuse, for example). With KSI verification running continuously in the background, any data tampering can be flagged and reported in near real time. Given the penalties associated with mishandling PII data under GDPR, VOLTA’s functionality enables organizations to demonstrate governance in a pragmatic manner, bringing real business benefits and significantly de-risking the governance process.