The extension and promotion of personal data rights was one of the main goals of GDPR and subsequent regulations. Citizens have the right to request, order deletion and/or repatriation of their data in an easily accessible, machine-readable format. This was an excellent opportunity for us to show how a secure channel combined with a blockchain ledger could manage ‘transactions’ between people and the organisations which hold their data as controllers or processors, something we termed ‘Data Dialogue’.
Our first product, the Rights Management Platform was developed and launched with this being the core proposition, the first ‘real world’ experiment around data rights with 2 goals:
1: To establish whether people cared about their rights, would want to exercise them and control their data, given tools and a frictionless user experience. 2: That organisations would be keen to demonstrate their commitment to data rights and best practice when presented with a dedicated channel designed with security and transparency as twin drivers. At the core of our rights platform is the Tapmydata app which operates as a directory of organisations, a personal data store, wallet and secure end-to-end encrypted messaging platform for communicating with organisations and sending files back and forth. In the back-end of the system is a secure platform for organisations to manage their team and respond to rights requests. Although the platform was built primarily for rights, it is in essence a secure request and response platform with crypto baked in and we recently deployed the product to customers in response to the COVID-19 system for contact tracing.
The Rights Management Platform for organisations is being expanded to support:
Data discovery (through our partnership with ESpyder)
Data redaction to reduce work-load for organisations returning data
The Rights Management Platform is also a flexible end-to-end encrypted communication channel. Following Covid we successfully rolled out the platform to support the Church of Scotland with their track and trace requirements. You can see how this works from a consumer perspective in a short video or a demonstration of the organisation side of things. read our Church of Scotland case below.