<aside> 💡 Problem statement: Enterprises love compliances… We love blockchains… Can we make Blockchains compliant?

</aside>

What are the compliances that enterprises love?

• PCI - DSS (Looks like an easy solution: can we innovate?)
  • Started by the credit card mafia (All famous card companies)
    • The de-facto rules to store card data
• PII (Personal Identifiable Information) - Our main hurdle!!! (and cash cow… Needs disruption)
  • any data that can be used to identify a specific person
    • Best solution : Don’t store personal data - Too utopian
    • Worst solution : Mass surveillance - Too Orwellian
    • Middle Ground : A hardworking Blockchain with additional components - That’s where we capture the market
• PHI (Protected Health Information)
  • High risk High reward
    • Good solution : Blockchain
    • Better solution : Private Blockchain
    • Best solution : Kalptantra - You get other components to safeguard all the compliances
• HIPAA : This is an act
  • To ensure an org follows it, they must do the following:
    • Ensure the confidentiality, integrity, and availability of all e-PHI data
    • Detect and safeguard against anticipated threats to the security of the information
    • Protect against anticipated impermissible uses or disclosures that are not allowed by the rule
    • Certify compliance by their workforce
  • The following types of individuals and organisations are subject to the Privacy Rule
    • Healthcare providers
    • Health care plans
    • Clearing houses
    • Business associates who do
      • billing
      • data analysis etc
• GDPR
  • This is European but a gold standard for all : Very difficult to achieve especially for a public blockchain
  • TLDR; - Explained later
  • If we cover this, we cover almost all PII related compliances
• COPPA (PS. It’s an act to protect the children)
  • We are going to put schools on chain and we are a US company so COPPA (which is a US law) must be followed otherwise we’ll pay huge fines
  • Biggest risk : Pedophiles
  • Gist : Data shouldn’t help anyone track any child
  • Good solution : Don’t take PII data of children

The verdict :

<aside> 💡 These things are difficult to achieve on public chains. KALPTANTRA is the answer

</aside>

The solution :

<aside> 💡 More than one ring to rule them all… Make modules around KALP to facilitate different compliances, as one solution would be too strict for all

</aside>

When is data processing allowed

• The user has given consent for one or more specific purposes.