Joisto Meets Document and Data Storage Security Regulations of GDPR—and Ensures Trust—Using Hyperledger Fabric

2018 was a revolutionary year when it came to data privacy: The European Union adopted the General Data Protection Regulation (GDPR). We’ve always been told data is the new oil, and as with any valuable market, it became very tightly regulated. Part of that regulation was ensuring the storage and retrieval of data is 100% irrefutable.

Joisto is a well known, highly compliant, multi-tenancy electronic archive and retrieval platform. They specialize in large volume, high speed management and storage of over a 1,000 data and document types with full integrity for many sectors including finance, government and utility. It is no wonder that their customers started asking if they could add another layer of trust to their archive solutions and help meet the GDPR demands. “It was clear we needed to change the way we think of data. This became my pet project, and I spent nearly a year researching how we could meet the market demands,” said Jani Partanen, CTO of Joisto.

 

“We believe it is fair to say that every sector will soon need a central repository to ingest, store and retrieve its data, documents and files with 100% immutable evidence.”

— Jani Partanen, CTO, Joisto

 

Finally, in January 2020, a small team of highly skilled developers created the ultimate solution: a blockchain-enabled archive. “After two years we had a really exciting product. We believe it is fair to say that every sector will soon need a central repository to ingest, store and retrieve its data, documents and files with 100% immutable evidence,” Jani continued. By using distributed ledger technology, Joisto ensures there is proof that stored documents and their respective metadata have not been modified, which amplifies trust for clients and their customers.

Joisto structured the state-of-the-art Blockchain Archive so companies can get the benefits of blockchain technology while still adhering to the GDPR standards, which require a single data controller. Solving the puzzle without a DLT would not be possible; only this technology makes it possible to store immutable records while still being flexible enough to comply with regulations. The Joisto Blockchain archive uses ‘off-chain storage,’ which means that the actual documents in the archive or their metadata are not stored in the ledger. Instead, cryptographic check-sums of the documents along with logs of events that happened in the archive are stored on-chain. What about removal of the data, the staple argument against DLTs? “When a document is removed from the archive, the orphan records in the blockchain regarding this document do not contain any identifiable data,” explained Jani.

Those who provide the archiving services, so-called commercial participants, enter a secure, private global network along with institutional participants and Joisto (which administers the network). Each commercial participant gets their own designated channel while Joisto and institutional participants are able to join all of them. This ensures trust, security and lower cost for companies without the need to invest in hardware and/or admin resources for handling transactions on other channels.The platform was built on Hyperledger Fabric, an open source enterprise blockchain framework hosted by the Linux Foundation. It was an obvious choice for Joisto for a few reasons—one being that Joisto is an open source platform, too. The company also needed a framework that supports multi-tenancy and didn’t use Proof of Work, and Hyperledger Fabric fulfilled both requirements.

The Blockchain Archive is a beneficial solution not just for highly regulated businesses but for companies in every sector because it provides a central repository to ingest, store, and retrieve data/documents/films with immutable evidence. Participation and onboarding are very straight forward: A new channel is initialized when a new company joins. During this initialization and formation process, the members of the channel agree upon basic policies, such as the number of endorsing peers within each organisation, rules for adding peers, detailed decisions on identity and membership services, as well as handling configuration changes in the channel. As the configuration is stored in a system-ledger and is controlled by the policies of the channel, modifications to the configuration are not possible unless the policies for it are met.

By moving to the blockchain platform, service providers who have had issues proving content integrity in the past have the opportunity to grow their customer base. Joisto Blockchain Archive is not only a neat architecture exercise. It is a solution service providers can deploy to ensure integrity of the data, which is a major deciding factor for customers. Companies can also now shift from volume-based document storage to a value-based model focusing on a single transaction, which is a big revenue booster. Being a white label product, the Archive can be tailored to their individual customers’ needs.
Will it succeed? “We started to commercialize the project at the beginning of the year. Despite the events of 2020, we still plan to have our first live beta clients by the end of Q4 2020,” shared Jani.

About Joisto
Joisto is the leading solution for handling large volumes of transactional documents and content. Trusted and relied upon by bluechip and SMEs across Europe, Joisto is a delivery platform provider for large customer communication management (CCM) service centers, energy/utility industries, financial institutes, the automotive industry and call centres.

 

About Hyperledger
Hyperledger is an open source collaborative effort created to advance cross-industry blockchain technologies. It is a global collaboration including leaders in banking, finance, Internet of Things, manufacturing, supply chain, and technology. The Linux Foundation hosts Hyperledger under the foundation. To learn more, visit https://www.hyperledger.org/