 They actually see the number of participants somewhere. You can see them coming in now, exactly. And it's recording. Oh, okay. Yes. And is anybody that you want from the attendees to come in and make them a panelist, tell me. Yeah. Hi, everyone. We're just waiting. We're going to wait probably until about three or four minutes past the hour. And then we'll start it. Zoom does its thing. Sorry. Silly question. Where do I see the participants? I do. Do I have a, so if you click on participants, there is, and you click on it has panelists and attendees. So you click on one on the other. So. Yeah. And we've got two attendees. We can promote attendees to panelists. So I know there were two of your team. If they're not here yet. Jeffrey and Yanni, they are there. Yeah. Promote panelists. Yanni Linton and. Hello, Yanni. I've made you, I've made you a co-host. You may be able to do that as well. Yeah. And then we have Jeffrey Williams. I'm going to promote to panelists. Hello, Jeffrey. You're both muted by the way. If you didn't notice, but you're a panelist. And. Yeah. Hello. Can you hear me? Yeah. We can hear you. And I'm making out making all co-hosts. Just. Spread the power. Yeah. The open governance model. Exactly. I don't know. Anyway, we'll talk about another day. Okay. And Yanni, Yanni can make you as well. Yanni's on his way in. And we'll wait a few minutes. I don't think we'll be on the hour yet. We're just on the hour now. So everybody who's just joined. Thank you for coming. We're going to wait a few minutes. And then we'll kick off this webinar today. Yeah. I guess my camera is now working also. If I can see you. Yeah. Yeah. We can see you. Hi. Yes. To me. Yanni. Yeah. To Yanni's. Yeah. The rest of the world. Yeah. And we just tried to read and keep that as a recruitment practice that everybody should be named Yanni, but we have failed. So. I can old Monty Python sketch. Everyone's called Bruce. They're Australian, but someone's not called Bruce. Listen, why don't we just call you Bruce just to make things easier? So Yanni, is that a very finished name? Is it? Yeah. It is. It is. And it's in our age group. Very common. All right. Excellent. More people signing in all the time. So yeah. Yeah. Yeah. Yeah. They're all coming in. And they'll be able to raise their hands if they have any questions. So if you have any questions, any issues, raise your hand. And we'll be doing a. You'll be asking questions as well. So I'll cover that as I kick off. I'll give it another minute and then. We shall start. I need to have books behind me. I have no books behind me. I feel. I'm not well read. We do love books. So. Again, company policy. Yeah. Yeah. I wouldn't have got through obviously. Yeah. Exactly. Okay. I think I'm going to kick off. Okay. Welcome everybody to this hyper ledger member webinar. We have a great webinar today. I'm very glad that we have our. Our hyper ledger member. Joyce or Yoist. I think if I correct it might pronounce it correctly. And we are going to stay talk about GDPR storage with hyper ledger. A fabric compliant GDPR compliant storage. So this is a very exciting subject. We're going to be looking at GDPR itself. How it that relates to blockchain. And then about the story that. Joyce have gone through and providing this. In a great production. System that they have today. So what I'm going to do. And by the way, before I start, please. Go. Raise your hand or press. This is interactive session. So please do raise your hand. Put some questions in the Q&A as we go along. We'll try and answer those. So please do that. Please be interactive. And thank you for joining. So I'm not going to hand over to Yanni. Who's going to take it from here. Introduce himself and the team from Yoist. Thank you. Okay. Thank you, Julian. So my name is Yanni Partanen. I'm the city of. Of just a group. And I have been around since the founding of the company. I am an employee and number one in the company. And. Can't main minor shareholder also. And with me today. Tommy Hannon. Yanni Linton and Jeffrey Williams. And. Tommy, if you want to introduce yourself. A little bit. Just quickly. So I'm Tommy Hannon. I'm also finished as Yanni. Actually both Yanni's. As his company was founded in Finland. I'm a CEO and co-founder working with Yanni for a long time. And my responsibility is business and commercial. Part of. What we do. And Yanni and Jeffrey. Would you like to introduce yourself or should be. Yeah. Sure. Yeah. My name is Yanni Linton and. In short, I've been working in. In choice. Since 2012. So. Nearing 10 years. In this company and. Yeah. That's that's the very short kind of introduction. Hi, Jeffrey Williams here. I'm the new joining. I've been there for like five years now. And yeah, I'm a senior developer. And. Work on the technology side of things. Okay. Thank you about that. I'll give me a second. I'll start my kind of. Presentation here. Okay. Hopefully you're able to see kind of the color page of this. The subject of this session is GDPR compliant storage with hyper literature fabric. And. I'm Yanni partner CTO. As I mentioned. A couple of words about the company that we come from. Joe store is some Finnish company. We have offices also in UK and Poland. We have been around since the beginning of 2000s. We have been working on our product days and document storage and archival system. We specialize in high volume. Multi tenant. Document storage that used around Europe. Mainly in Europe for utilities. Finances banking and such. Basically we have a platform for service provider to provide document storage and archiving services as a service. So compared to document management systems that can do something like tens of thousands of hundreds of thousands. Documents we do hundreds of millions of documents or billions of documents or. That is a definite difference in scale there. So we have a very particular niche. But we are actually looking into expanding. And what we learned here is part of that. So we are looking into expanding project. Going on. Okay. Here we have the kind of session outline that's what I'm going to go through. We have a first I'm going to kind of do a quick recap of GDPR. I know that the most everybody. Knows something about GDPR. I'm probably got. I have a probably a bit different view than some of you. And I'm going to highlight some of the. Meaningful in this context. Then we're going to go and discuss about blockchain and GDPR. How does GDPR kind of. What do GDPR has about blockchain. What do you have. About blockchain and GDPR compatibility. And then we're going to have a technical and business journey. What we learned how we did it. Why we did it and all that stuff. And then in the end, we have questions and answers. However, if you have any questions, feel free to ask them along the way. I believe Julian is going to kind of. Monitor the questions and manage that side of things. Yes. Good. Good. Okay. So without further ado, let's get into the nitty gritty of GDPR. So this is how you begins to definition of GDPR on that website. That the general data protection regulation is the toughest privacy and security law in the world. That most probably still the case, even though there are different similar kind of legislation popping up around the world. US is particularly active in this area, but they are implementing it on a state level instead of federal level. So there's a little bit of different, but California made one and New York is, I believe just made another one privacy. Privacy regulation. Okay. So there are a couple of basic facts about GDPR. First of all, it stands for general data protection regulation. It's applicable less of May 25, 2018. So it's been around about three years. And the initial panic has passed. It's generally caused a lot of havoc and a lot of well panic around the IT industry and stuff around that. It's more or less now day to day stuff that you need to take account. The two first GDPR fines have been given. That's around, if I remember correctly, something around 300 million euros worth of fines have been given. So quite sizable summits. It's actually going up quite fast. So let's find some kind of regulatory side of things is kind of picking up pace. It was designed to be technology agnostic and it's it relatively well reaches that goal. It doesn't talk about particular security practices or or or exact technologies. So it's more about general concepts and principles and stuff. It's enforced by each member state. This brings a little bit of complexity into it because it's up for interpretation. So each country can interpret it as they see it. So something that is acceptable in Finland might not be acceptable in Germany. That's a little bit of a complication, but for that actually EU has an European data protection board providing guidelines and recommendation for that. And I have listed couple of key terms on the bottom of that slide which are data subject data processor and data controller. And I go quickly to root these. So data subject is subject of the data storage. So that's the person that your whose data you are the companies are storing for data processor is something that is handling or processing the data and data controller is the one that kind of owns the data and is responsible for that. So the processor controller distinction is kind of important one in GDPR. And then if we discuss a little bit about the scope. At heart it's about personal data. That's that's that's what it is all about. On the right hand side there you can see how information commissioners office in UK defines the personal data. And it's quite wide, quite wide definition. So anything like IP addresses or cookie IDs or all all that kind of stuff can be thought as an personal data. So it's a very wide area. Also there's a facial recognition and all this kind of stuff is considered in some cases to be personal data. If you're not storing personal data at all GDPR does not apply so that's that's simple. Your life is going to be easy and so on but typically businesses to store at least some level of personal data. And again it's technology agnostic so it doesn't matter what's the media of the storage that you are using if you are storing papers. They also are applicable for GDPR so so it just makes things more complicated or microfilm for for or or anything what you're storing doesn't matter you still need to comply with GDPR. And the territorial scope is EU. So basically this is EU legislation and set up by EU Commission and so on but it affects the rest of the world. When the businesses around the world are processing or handling personal data of EU citizens so it has this kind of viral nature do it. All right. Let's have a quick glance at the main areas of GDPR of course this is just one one way of looking stuff and GDPR isn't quite complicated legislation. It's up for your it depends on your point of view but these are five points that I kind of like to point out that there is one aspect of GDPR is security of processing. Businesses handling personal data are required to do it in a secret secure manner. They need to follow best practices and that kind of stuff. Then businesses need to act lawfully and have a consent. Consent means that they need to have permission to store the data and they need to do it in a lawful way. Accountability and compliance that's actually quite big subject that this session is not going to go into touch that much but accountability means that you need to comply and you need to prove that one. You need to prove that you have done done your business in compliance to GDPR. In this data protection. This is what a lot of fines are for you didn't store you didn't protect your data sufficiently so that's going to be a obvious obvious stuff there. Then you have the individual rights that was some kind of an in 2018 that cost a lot of a lot of fuss. So I'm going to go through just briefly. Most of you, of course, have seen the individual rights of GDPR learn going to go through these briefly just to be on the same page. Some of these have more or less very, very important part in this context. So first of all, you have the right to be informed. This basically means that you need to be you need to provide the information what data you are collecting how you are collecting and so on. Basically, you need to have privacy policy available. Then you have the right of access. So basically person has the right to see what data you are storing. So you need to be prepared to provide that data for the person. Then you have the right of rectification. That's a simple one if the data is incorrect. Somebody may demand that you correct it and you might need to do it. The right to erasure. This is also called the right to be forgotten by the EU. So this means that if an user demands that the data needs to be deleted, you may be required to do so. This is some subjective right and it doesn't apply automatically. So then need to be need to be certain certain situations that are going on. Then you have the right to restrict processing. This is probably the most complicated one what this means. However, it's probably one of the least used ones. So the right to restrict processing is that this may demand that you cannot modify or lose the data that you are holding about them. Where this comes up is could be something like a legal dispute that you are required that you do not lose the evidence that you have. And that's one of the basic individual rights that there are. This is very subjective. It doesn't apply automatically. Somebody just can't just go on and go on and fire away the right to restrict processing requests around the world and expect that everything is then restricted. That doesn't happen. Then you have the right to data portability. This means that when you provide the data you need to provide it in a sensible format. That's pretty much it. Then you have the right to object. This means that you can deny direct marketing and such communications at all in all in all. Then there's rights related to automated. This is some making and profiling. First of all, beautiful name for the right. But that kind of describes this. The persons may demand that none of this can be done to their date. Okay, as we are a document storing and archival provider. I pointed out data retention here because from our point of view, that's a hugely important subject. Data retention means that you should not store any data unless it's necessary. And whatever that means, that's up for court cases then. But nevertheless, that's the basic principle that EU is taking with GDPR legislation. And when we say data here, that's of course personal data. If you have some statistics about wind, that doesn't apply. Okay, so basically all data containing personally identifiable information and it's no longer necessary needs to be removed. And you have to have practices to do this. And if you have done your kind of document storage on paper, this is going to be a pain. This is really going to be a pain. Of course, depending on the archival system, if you have sorted them by date and just throw the old boxes away. Then the other last laws come in at this stage. First of all, GDPR is not kind of law above all laws. Actually quite contrary. Other laws may define stuff that you cannot delete and then GDPR doesn't apply. If you are by law required to store something, GDPR might not apply at all. For this is typical case for accounting and all that kind of stuff. So the other laws typically go over GDPR in this area. I am not a lawyer. I'm a techie. This is something that you, if you really have a problem, you need to talk with lawyers. And then in data retention, you need to be prepared for right to erase so that if people have a valid right to be forgotten, you need to be prepared for that. Okay, that's about what I was planning to talk about GDPR and kind of as an introduction to GDPR and introduction to this session. Do we, Julian, have questions on this face or should I move along? Sorry, I think you move along. I think we have a few questions, but generic questions, but I think we move along here. When everyone has a question, please do raise it. Somebody has asked, did you develop the e-archive software with blockchain in mind or was blockchain a happy accident? But you can answer that now, right? Yeah, I can answer that. That's an easy one. No, we didn't develop for the blockchain because this has existed, the actual product has existed since the 90s. And blockchain wasn't around in there. So blockchain has become an addition. Not a happy accident. Actually, it was planned, but believe it or not, but nevertheless, it has come as an afterthought, not an initial creation of the system. Okay, so we can move along into blockchain, the kind of meat of the stuff. Now we have kind of, hopefully we have more or less common understanding with GDPR and GDPR is, and now we can move into a blockchain. EU has done a great study about blockchain and GDPR. GDPR is 120 pages and it's definitely a good one. And it refers to a lot of other studies. I've gone to that rabbit hole and spent quite some time in there and came up still relatively sane. There are studies about blockchain and GDPR and I'm going to kind of highlight what, first, what the EU's main findings were. And what are the kind of, so first of all, GDPR assumes that the personal data is controlled by one entity to that data controller. If you remember, I referred to data controller in the beginning. Well, from blockchain's point of view, that's not the case. Blockchain by nature is distributed. So the ledgers get distributed. And so the controlling of the data can be a little bit more complicated. The other kind of conflict is that GDPR requires all personal data to be modifiable and erased. And we all know blockchain, hopefully at least something about blockchain and we know that blockchain tries to prevent this as much as possible. Blockchain tries to create and do the data immutable. So once you enter the data, the track of that data stays there forever. That's the great feature about blockchain. But this can cause several limitations on what you can store in the blockchain. And then EU goes on into kind of investigating about pseudonymizations and anonymizations as technical means of storing data into the blockchain. Unfortunately, what they kind of came up with is that in general pseudonymization is forbidden. So they take this infinitum aspect with data that given infinite time, the pseudonymization should not be unseudonymized. And in terms of computers, infinite time is a very long time. Basically, you can crack anything if you have infinite time. In reality, none of us have, at least haven't had since. But that's definitely kind of a limiting factor using blockchains and GDPR and that needs to be taken into account. Anonymization then, however, is completely okay if you do proper anonymization. And then there's to discuss what is anonymization and pseudonymization. I'm not going to go into huge details about that one, but pseudonymization in general could be, for example, using an hash to calculate if you use a social security number and hash that one. That's not going to be acceptable because that can be kind of brute-forced back into the social security number. Then again, if you have a book containing personal information and you calculate the hash of that book, that's most probably going to be completely okay. So there is granularity in it. Now, I have defined what kind of problems blockchain and GDPR might have. Let's take a look what kind of solutions there might be. And there is one kind of generic conclusion and recommendation that EU comes up with, and that's off-chain storage. What this means is that basically you do not store the actual data or the actual documents or anything of that sort that contains personally identifiable data into the blockchain. You store it in some other system and you refer it in the blockchain. So you store hashes and fingerprints and all that kind of stuff of the data and the metadata into the blockchain. That's the officially recommended way of EU. Well, EU doesn't make a clear recommendation, but that comes up from the reports quite often. Then the other option, if of course to anonymize your data. This might be used very good solution for some use cases that of course depends what you are doing, what you're storing there. And it completely depends on that one. But you need to be careful to implement proper anonymization. You can't do mistakes at that stage. So what this comes up and what's kind of our approach to this is kind of use blockchain as proof of integration. Instead of storing the, we store documents in the system and we store document by the way needs to be in this context needs to be taken kind of widely document can be anything. It's basically anything that can be a file, for example, or multiple files or something like that can be considered as a document, but as we store documents in the archive. What we do is we store the in the blockchain we store the checksums and fingerprints of the data and metadata. This actually allows what allows the blockchain to track the contents of the archive. And the whole document storage system so so that one can be tracked and prove the integrity of the system. And that's an kind of excellent, excellent feature of blockchain. If we take an example which is right to restrict processing which I one of the individual rights in the GDPR. What blockchain can do for you in this rather weird requirement that you are not allowed to do anything with your data. What blockchain can do is actually it can prove that if all the transactions and modifications are tracked in the blockchain, you can easily show what transactions have been applied against this object. And what has happened with this since some particular point in time actually since the, since the storing of the object, but nevertheless, for right to restrict processing, it's the one particular point in time that can be seen there. That's a perfect kind of perfect example how blockchain can help us in this area. Then we have the data controller and data processor. What actually this approach, the approach to using blockchain does is that as you identified the multiple data controllers to be a problem. This actually doesn't change in this model, the data controller is still responsible for controlling the data. And the data processor is the one storing the proof of the data. So this really simplifies the scenario what kind of what applies to GDPR. And that's an excellent result result because simplification in GDPR is and well, it's always nice. If you can read that one. Before going into further where I kind of touch what we have then done should be post here Julian or do I continue straight ahead. I think I think you can go straight ahead we've got a lot of got some questions coming in right. One thing people asked and we'll send you the link everyone's asking what this EU report and where they can get it EU report GDPR and. And I think we should there's a couple of links and thank you for everyone who's sharing that. I think I think we can continue. Jeffrey is doing a great job of answering some of these questions as we go along. So I'll ask a few questions so how how the two ends meet I mean block our block chains claim to fame in immutability on the other side GDPR expected it to be leated. So how does that, you know that's the challenge there. Yeah, exactly. So and the answer that we have come up with is definitely the offsets chain storage. So the actual data is not stored in the blockchain. So if if we do not store anything, anything containing personally identifiable information in the blockchain, then we don't basically need to worry about the contents of the blockchain because GDPR doesn't apply in there. That's the kind of separation of concerns that we are creating that GDPR doesn't apply at all in the blockchain because we are not storing anything that is personally identifiable. Okay, thank you and you've asked that new Pam ask that question. Igor asking, can you talk about public key in the context of GDPR. What is the general view public key. No, I can't talk about that. I think that's the end of the PK infrastructure that long line PK PK and I completely understand that one but let's say I have what I can say about this is that what I've understood these that for example, using the private key this private key to encrypt stuff in the blockchain. And then you have public key available and kind of trashing the private key is considered from use point of view. Considered to be pseudonymization, at least to some of the strictest reports do consider it to be pseudonymization so that's not acceptable. I don't know, most probably I didn't answer the question at all but nevertheless. Igor, if you want more to ask again, and we can get more clarification on that, but I think that that was good. And then the second one is from a new Pam, and he says, doing anonymization of data or coordinating offline storage still makes out a way to circumnavigate the GDPR close of right to Asia, because although unlinked it is still stored. Hashes and checksums being stored in a blockchain means at a later date someone would need to validate it by checking the original data, or if not how. The original data. Yeah, yeah, that's the case if you get the original data then you're kind of that's the key to kind of everything. The contents of the blockchain is not the key to anything you can take a look at the blockchain and you can never build back what's the actual data is given at the infinitum I believe that is the case so. Any questions, the questions, please ask, ask more questions, please. And yeah, any please move forward. Okay. Sure. All right what I'm going to go through is kind of the architecture and implementation this is a little technological side of things but I'm not going to go to techie in there, unless somebody wants to I am taking. So I can go, but I don't think that's sort of purpose here. So the architecture implementation as I said we use the storage integrated by the blockchain so often stay chain storage and this brings in the benefits that I was talking about a couple of slides ago that you need to. This is separates the controller and processor and we don't need to GDPR doesn't apply into the blockchain itself, as it doesn't store anything. That's the main approach that we did and it's a conservative so choice. Definitely conservative choice and here we are not challenging a you or GDPR and but we are taking the kind of the most compliant approach to the GDPR there. What we have done is we have created a hybrid blockchain. Instead of, I don't know. Typically we categorize blockchains into main categories, which one is private and permission and one is public. This is of course over simplification of stop but for the sake of sake of argument that's, that's one way of separating them. So we have actually created this a hybrid blockchain using actually hybrid fabrics features there. The hybrid blockchain in from our point of view means that actual data processing transaction transaction handling within the blockchains are happening in private and permission and environment, but then anybody can have access to the. Blockchain and view the contents of the blockchain because, again, we use soft chain storage, there is no private personal personal data in that blockchain. And for that we have. But let's let me say a word about private and permission and blockchains. There might be a small problem with their private and permission and blockchains or couple of ones, which need to be kind of addressed when you're when you are implementing an environment. One of the one issue. One issue is that that trust, let's say that I run a blockchain in my laptop, which I actually do, but the trustworthiness of that blockchain is exactly the equal to my trustworthiness. How trustworthy you consider me to be my blockchain on my laptop is is as equally trustworthiness trustworthy. Then there is the issue of data distribution. If I run it only on my laptop. It's, it's relatively not distributed at all. So what we came up is what we call institutional members. We have built a network. We have built a network that in addition to having the companies doing the actual storage of archival information in there. In addition to them, we brought in institutional members basically these are universities and such. And why we did that. First of all, companies can be bought. Nearly any company is up for sale if the price is right. And so the there's always the possibility that the data ends up in in in some kind of a malicious hands or something of that similar. Then universities then do not seem to have this problem. I haven't heard. I believe that it's possible that the university might be bought. But at least that's going to cause some noise. And somebody is going to notice when you're near university has been sold to somebody and ownership is in dubious hands. But so what we bring in is institutional members to process and distribute today. What they do is they they do the data validation. They do the they participate in the storing so the distribution of the data and the power of blockchain comes from the distribution of distribution of data. The more we distribute the more difficult it comes to kind of tamper with that date. So we are bringing kind of new layer of trustworthiness into the platform. And what this also does is that it doesn't introduce the overhead of processing public blockchains probably are the kind of kind of most most secure in a way because the distribution is incredibly wide. If we take how many blockchain nodes are in the world. I can't even guess how many ethereum nodes there are. There must be incredible amount of them, but it comes with cost. It comes with the cost with with public blockchains. It kind of and the cost is the true output, how many, how many transactions we can process in what time, and then it comes with energy consumption and all that kind of stuff. So, from my point of view, we have more or less managed to kind of bring additional trust in the private blockchains without getting the problems of public public blockchains. And what we have then have summa summarum we have publicly verifiable in the critic with GDPR compliance. So that's the method of hybrid blockchain or that's the benefit of hybrid blockchain that we come up with. There are a lot of hyperlature fabric specific features that we utilize there and it has kind of been a driver a lot of a lot of innovation in our company and it has brought a lot of smaller features in there but this is the kind of high level view what we actually have done there. Right. That's about the architecture. I, as I'm a techie I can, I can go as deep as deep as we want but that time is limited. I'm not going to proudly present what I have come up with and with my colleagues but that's the kind of general idea of that. If we want to go, then Julian that you have something. So specific questions now I think I think let's go on to the next next stage but please do continue with the questions. Okay, good. So, we come up to the next slide which is basically why, why we did all these. What's the purpose of all these so what's the business justification. Here, Tommy if you, if you want to say a word or two, I will be gladly joining, joining you in this custom with this one. Yes, happy to, happy to do that so as, as described here so our perspective from business is, is offering a document storage and archival system. And being in that industry and business for many years and talking with customers in different countries, mainly in Europe. We have coming to conclusion that there is kind of new things happening and new demands coming up where blockchain enabled archive can add value, especially under these three main categories here. And, and, and that's our kind of, of viewpoint. So we, we have developed a solution which gives an adds additional value for many of these service providers. We serve who use our system, then to storage business critical data from from companies and organizations operating in many industries. Of course, everything shouldn't go to blockchain, very under blockchain verification, but there are most of businesses and organization has some extremely critical sensitive data. They want to kind of off. Yeah, I'm a sales person. So I use a kind of additional insurance on top of everything to get these irrefutable integrity for the data. And that's, that's the kind of off use case and viewpoint we have. Of course, this is a new, new area we are pioneers here in a way. So it's also learning together with our customers and they end customers where this solution can really add most value. So at the moment, it looks very much for example, in insurance industry is, is and seems to be extremely interesting about this solution. As an example, finances is quite simple use case that they have used to this kind of off principalities and ideas to work with. So that's maybe you, you want to expand from that. Yeah, yeah, definitely. What you said is the case. And, yeah, if we can kind of to the high volume slash high value point on there, what we from what Tommy there kind of describe is, is what kind of customers are expecting from us. That's, that's what they are expecting what they are kind of happy to see us do and the high volume slash high value is kind of a point from our point of view. Why what's good in this for us, of course, happy customers are always good for us. That's definitely the case. But what we are doing here by bringing this irrefutable in the gritty in the archive, what we are kind of moving is that we typically have been high volume business we have been storing up, as well as said hundreds of millions of documents per installation and stuff like that, what we are now bringing in that we are bringing in the kind of moving into the more high value document really important stuff that needs to be proven to be there's no there can't be a case where it has been tampered or something like that really highly important documents can be stored in that. And even, sorry, and yes, go ahead, just just continue from that. So, with existing solution as ours, or many other good solutions in the marketplace, the one one key challenges that there is always human human acting as an administration, a person and that that opens, let's say, some most of time very small challenges or problems but with this, this methodology we are bringing to the market you can kind of, if I say kindly remove human factor in a way from the process and and that's opens interesting ideas for these organizations. Many of them with whom we are discussing are also kind of pointing out challenges they are facing with technology developing in all areas so deep fake videos are getting better and better and then how to prove integrity of certain certificates or last will or a piece of art or there are many these kinds of areas which which Johnny pointed out so high value documents and now what we are working with our customers and prospects is is is to understand the balance and demands from from these both areas that which should go to blockchain and which are just fine to be kept as as of today. Yeah. After that one we counted last point here which is trust. And as I kind of described roles of controller and processor in this model. This brings in additional trust into the system as whole. And what's of course is difficult subject for service providers is that this also brings the aspect of that customer doesn't need to have as much trust off the service provider. They have the kind of trust them so completely and blindly because they have always methodology how to prove stuff independent off the service provider. So that's a huge stuff from from in business world. If you just think about it, it kind of modifies the whole whole scenario there. And it brings in this kind of separation of concerns also. So the data controller stays as the controller and the processor is just the processor. Okay. We have a bunch of questions coming in actually. Okay. We've got about 510 minutes more so please do ask the questions. So who owns the who owns and finance the network who picks the order is user authentication done with certificates or by next rest API. How does the architecture scale beyond 20 nodes. In fact that's four questions in one. That's not a question that far. You could pick one out though right so he owns the works and the other questions. Yeah, go ahead. I can I can take about the network ownership. That's that's actually really important topics in in this kind of work do because the governance model and the ownership of the network actually is an key key ingredient in the trust of the system. We need to have an and what we have created we have created an open governance model, meaning that we have governance statement that states. And we have a we have a formal proceedings in that government statement described what are the responsibilities and and rights of each of the members within the network. It's a really big question who owns that and we have tried to make it as open as possible. For example, all the network governance decisions will be kind of public and all that stuff so so that's a great question. Yeah. That's Kent. I know in Hong Kong. I can't. So a great question there and then we've got one in our chat here. A question to understand hybrid blockchain. We've had a lot of questions around the concept and what you're doing hybrid hybrid blockchain. What is meant with institutional members. Is it not common to any hyper ledger is it is not common to any hyper ledger implement to have multiple nodes spread over members in the ecosystem. Do you mean government or EU members maybe outside the ecosystem. It is it could be governmental members. It's neutral parties parties that don't have interest in the data as such. That's kind of an important distinction there, because the data processor might have an interest in the actual data itself and might be doing malicious stuff and all that kind of stuff. So what we bring in is that this could be we actually have one governmental body joining in joining in as an institutional member. It's a Finnish governmental body that's going to join the network to kind of participate in the processing and distribution of data. Because it's a university so the other kind of typical use case from our point of view. Okay, great. Another another question, see the private data collection seems to come up a lot in all these questions right. So are you using that off chain storage as a direct kind of question or maybe does that make sense. Sorry, no, didn't make sense. It's a it's a it's a hyperledger fabric thing or we could we can leave leave that. Let's see. I'm trying to find a specific one, or maybe what I can ask you because we're coming up to near the end. What what has been and I think it's been a great talk right. We've covered GDPR GDPR blockchain how you know what the troubles were. So, so what would you say maybe Tommy, any what would have been the, the biggest challenges of making this happen. Yeah, so far what is it been the technology. Is it the governance. Is it is it is it is it is it, you know, explaining it to the world what what what what what what what what are the barriers that you say if I if I start one technology is is is blockchains are not seen by definition they are not simple systems to handle and handle and so. So these there is definite learning curve there. However, in my opinion that hasn't been that's that's what techies do we do challenges in staff and that's what we live for. So, that hasn't been as much as a problem as you might guess. The building has definitely been this institutional members that we are bringing in the network they have been slow, or if I can just quickly comment that consortium building from university perspective that yeah they are slow moving organizations but on the other hand they have a lots of demand and interest towards research and and possibility to join to this kind of later on global network is is a quite unique opportunity for them as well to research further and and that's why it seems to be the way to go there because we how we see the this blockchain network that we start with our document storage and archival system. But as how we have designed the consortium and governance the blockchain network this this hybrid solution we have built can grow to wherever so so it opens very interesting opportunities so so but it's always when you are kind of frontrunner or pioneer so it takes time and and like Janne said it's not only technology which is challenging enough to learn and then kind of it's it's the world around to get people understand also in now most of you are techies but the most of world doesn't know more about blockchain than Bitcoin, if I'm a little bit simplified just starting from there with business people why this makes sense why it's that value so so it's a challenging interesting but very motivating process also. Yeah. Definitely and as we discussed earlier open governance model is is is a great thing it's an it's a pro definitely that that simplifies things and it brings trustworthiness in the whole whole kind of business as such. Yeah so so continuously I hear you know technologies is challenging and that but in the end it's it's getting organization together to. And maybe adding a one one more thing. Generally for everyone is also that when we look blockchain we we are fairly pragmatic and try to be realistic we tried to see ways how business world could get great benefit out of it. And like Janne explained that public blockchains has its challenges and same with the private ones. So this hybrid model we have created at least at the moment it looks that it creates interest around business world because it's kind of combines some of the the strengths from both worlds and then hopefully it will find a place and we will push hard and and see where where it will take us. Excellent. So I think I'm going to wrap now. And thank you so I think an hour is probably not enough. So I think I think we've got a lot of information that out there. I see a lot of interest from people actually just one quick question if people want to get involved. Can they just contact you or what's what's the actually. Yes, yes, definitely. I'll put the contacts down below but yes. Yeah, exactly just just contact us we are more than happy to continue to discuss some stuff to this one's if if it's necessary so. And if people want to discuss I know I see lots of technology because some people say a theorem have the logic. There's all kinds of other kind of technology. How do we work with many different platforms is the standard interoperable issues right so all really good. I'm going to say thank you to Yanni. Thank you to Tommy. Thank you to the other Yanni and for Jeffrey who's been answering many of those questions as we go along. That was a great session and thank you everybody for attending today. And we look forward to more and take care and look after yourself. Take care everybody. Cheers. Bye. Thank you. Yanni, do you know if we can answer these questions when there are quite a lot of questions like how does it work or how does it work? I don't know. I have to ask Juliana because this Zoom is a bit of a touch. Yes, because I believe there is a good question and such. Yes, yes. Okay, do we close here and wait? We have 30 guys online so maybe I'll take a look. Okay, thank you very much.