About a-team Marketing Services
The knowledge platform for the financial technology industry
The knowledge platform for the financial technology industry

A-Team Insight Blogs

Provectus Offers GDPR Solution Based on Distributed Key Management and Blockchain

Subscribe to our newsletter

Provectus will bring an automated General Data Protection Regulation (GDPR) compliance solution to market this month. The solution focuses on data related aspects of the regulation, particularly interactions between individuals and organisations, and is based on distributed key management and blockchain based audit.

The solution is designed for start-ups and small to medium sized businesses that need to comply with GDPR, but don’t have resources for consultants and legal, or expertise in building robust compliance processes and policies. Customers do need to be relatively tech-savvy as the solution is provided as a suite of application programming interfaces (APIs) and requires some technical acumen to be integrated, although help can be provided by Squadex, Provectus’s parent and a technology consultancy and software engineering specialist.

Dima Kanevsky, product manager of Provectus, says: “Large companies are spending millions of dollars on GDPR compliance, but smaller companies can’t do that, so we have built an automated solution that is more efficient than manual processes, allows individuals to exert their rights under GDPR, logs data for audit purposes and doesn’t require expensive human input.”

The GDPR solution’s technology is tried and tested, and already in use in the US ensuring the privacy of sensitive financial data required for corporate tax purposes. GDPR compliance is limited to data interactions between individuals and organisations, which must fulfil their own Data Protection Impact Assessments (DPIA) and decide whether they need to appoint a Data Protection Officer in line with the regulation’s requirements.

Organisations and individuals interact through APIs, with individuals using devices such as mobile phones or a web application, and a key provided by the organisation to turn on or off consent to access their personal data. The key management solution encrypts data on a record-by-record basis and records of processing activities are kept on a cloud-based blockchain that keeps a log of users’ decisions on their data in an immutable way. Data from the blockchain can be extracted by users or authorities automatically, while the data encryption element of the key management system means any breaches of personal data lead only to anonymised data.

Yuri Vizitei, chief technology officer of Provectus, explains: “The core of the solution is distributed key management that allows individuals to control what personal data they provide to an organisation and access the information. The blockchain model is fit for purpose here as it provides an audit log rather than data storage that is subject to change.”

Provectus plans to price its GDPR solution on bands of numbers of active data users and says it has customers in the pipeline that will be up and running in time for GDPR compliance on May 25, 2018.

Subscribe to our newsletter

Related content

WEBINAR

Upcoming Webinar: GenAI and LLM case studies for Surveillance, Screening and Scanning

12 November 2025 11:00am ET | 3:00pm London | 4:00pm CET Duration: 50 Minutes As Generative AI (GenAI) and Large Language Models (LLMs) move from pilot to production, compliance, surveillance, and screening functions are seeing tangible results — and new risks. From trade surveillance to adverse media screening to policy and regulatory scanning, GenAI and...

BLOG

EU’s AI Act Loads Data Responsibilities on Institutions but also Offers Opportunities

Financial institutions are under pressure to put their data estates in order as the European Union’s artificial intelligence regulation comes into force this week, threatening huge fines for failures to observe its tough rules on the safe and fair use of the technology. Nevertheless, the introduction of stringent measures that will place new compliance burdens...

EVENT

Data Management Summit New York City

Now in its 15th year the Data Management Summit NYC brings together the North American data management community to explore how data strategy is evolving to drive business outcomes and speed to market in changing times.

GUIDE

The DORA Implementation Playbook: A Practitioner’s Guide to Demonstrating Resilience Beyond the Deadline

The Digital Operational Resilience Act (DORA) has fundamentally reshaped the European Union’s financial regulatory landscape, with its full application beginning on January 17, 2025. This regulation goes beyond traditional risk management, explicitly acknowledging that digital incidents can threaten the stability of the entire financial system. As the deadline has passed, the focus is now shifting...