The leading knowledge platform for the financial technology industry
The leading knowledge platform for the financial technology industry

A-Team Insight Blogs

Provectus Offers GDPR Solution Based on Distributed Key Management and Blockchain

Provectus will bring an automated General Data Protection Regulation (GDPR) compliance solution to market this month. The solution focuses on data related aspects of the regulation, particularly interactions between individuals and organisations, and is based on distributed key management and blockchain based audit.

The solution is designed for start-ups and small to medium sized businesses that need to comply with GDPR, but don’t have resources for consultants and legal, or expertise in building robust compliance processes and policies. Customers do need to be relatively tech-savvy as the solution is provided as a suite of application programming interfaces (APIs) and requires some technical acumen to be integrated, although help can be provided by Squadex, Provectus’s parent and a technology consultancy and software engineering specialist.

Dima Kanevsky, product manager of Provectus, says: “Large companies are spending millions of dollars on GDPR compliance, but smaller companies can’t do that, so we have built an automated solution that is more efficient than manual processes, allows individuals to exert their rights under GDPR, logs data for audit purposes and doesn’t require expensive human input.”

The GDPR solution’s technology is tried and tested, and already in use in the US ensuring the privacy of sensitive financial data required for corporate tax purposes. GDPR compliance is limited to data interactions between individuals and organisations, which must fulfil their own Data Protection Impact Assessments (DPIA) and decide whether they need to appoint a Data Protection Officer in line with the regulation’s requirements.

Organisations and individuals interact through APIs, with individuals using devices such as mobile phones or a web application, and a key provided by the organisation to turn on or off consent to access their personal data. The key management solution encrypts data on a record-by-record basis and records of processing activities are kept on a cloud-based blockchain that keeps a log of users’ decisions on their data in an immutable way. Data from the blockchain can be extracted by users or authorities automatically, while the data encryption element of the key management system means any breaches of personal data lead only to anonymised data.

Yuri Vizitei, chief technology officer of Provectus, explains: “The core of the solution is distributed key management that allows individuals to control what personal data they provide to an organisation and access the information. The blockchain model is fit for purpose here as it provides an audit log rather than data storage that is subject to change.”

Provectus plans to price its GDPR solution on bands of numbers of active data users and says it has customers in the pipeline that will be up and running in time for GDPR compliance on May 25, 2018.

Related content

WEBINAR

Recorded Webinar: Best practices for regulatory reporting

Regulatory reporting has been a cost and resource burden for financial institutions for many years, with the race to compliance in a highly regulated market often leading to multiple, singular regulatory reporting solutions. Legacy systems add to the challenges of making reporting changes in line with adapted and new regulations. This webinar will address these...

BLOG

Australian Superannuation Fund QSuper Selects Matrix IDM for Integrated Data Management Solution

QSuper, one of Australia’s largest superannuation funds, has selected Matrix IDM’s data management product to provide a fully integrated solution across security, pricing, positions, accounts, risk, performance, and corporate actions data. The fund was looking for an off-the-shelf data warehouse to support a data strategy project that would create a vendor and custodian agnostic data...

EVENT

RegTech Summit APAC Virtual

RegTech Summit APAC will explore the current regulatory environment in Asia Pacific, the impact of COVID on the RegTech industry and the extent to which the pandemic has acted a catalyst for RegTech adoption in financial markets.

GUIDE

Entity Data Management Handbook

Following on from the success of our Regulatory Data Handbook, A-Team Group is pleased to introduce its new Entity Data Management Handbook which is available for free download. This Handbook is the ultimate guide to all things entity data: Why Entity Data is important A full review of Legal Entity Identifiers (LEIs) Where they came...