According to surveys, while 70% of companies expanded their collection of personal information between 2020 and 2021, 53% of businesses can’t confirm that they are highly capable of complying with government cyber-regulations. Legislations, such as the General Data Protection Regulation (GDPR), have significantly increased obligations on data holders, creating demand for state-of-the-art data management technologies that can ease the compliance process.
The patent, “Systems and methods for sending user data from a trusted party to a third party using a distributed registry”, contains methods for protecting personal data from illegal transfer and processing, allowing businesses to comply with legal requirements. The technology is of particular relevance for Know Your Customer (KYC) and Client Due Diligence (CDD) service providers. Organizations can now refer to transaction records in the blockchain network to confirm parties’ consent to the transfer and processing of personal data in cases of data transfer legitimacy issues.
This control over data is achieved by forming a distributed registry in which each stage of the parties’ interactions during the sending of user data is recorded. The patented methods ensure that the distributed registry only contains the records pertaining to the facts of the personal data transmissions and the parties’ consent to such transmissions. All records are maintained in the form of hashes that are salted, signed and encrypted in a unique, patented, way.
This approach eliminates data breaches and uncontrolled data transfers by only permitting the use of ledger records by direct participants – the data sender, the data recipient and the data owner, of specific information transmissions.
“Data management technologies are a rapidly emerging worldwide trend and, as a cybersecurity company, we were interested in developing methods that can contribute to the safety of those solutions. While working on the project, we solved this security problem by providing the technical ability to confirm the transfer of data while ensuring the protection of information by not storing it in the blockchain. The legitimization of personal data transfer is just one use of the research results. This technology may also be applicable in other scenarios, such as the exchange of trade supporting documents or the confirmation of employees’ authority to sign off on B2B electronic interactions.”Alexander Sazonov, Inventor of the Technology at Kaspersky
Kaspersky will continue developing this invention and exploring its various applications and its usability across solutions.