Privacy and data protection an opportunity, says entrepreneur

Transparency and trust

By signing up to the service using only an email address and no other personal information, users can get answers to seven standard questions about how companies are using personal data.

“Under the GDPR, companies have an obligation to respond to these requests, but we see most companies with significant public exposure follow a more reactive, compliance-driven approach to privacy and data protection. They frame it as a necessary evil, and say it is limiting their opportunities,” said Aschberger.

As a result, he said, requesting this information is often not a very user-friendly process, with some companies making it even more difficult by requiring applicants to prove their identity by supplying additional personal information and going through onerous identity verification processes.

“We are trying to go down the road for individuals to make it standardised and easy,” said Aschberger, who is encouraging organisations where a significant part of their business relates to customers or consumers to work with One.Thing.Less and others to grow consumer trust.

“These organisations have an opportunity to make it easier for consumers to find out how their data is being used instead of directing them to a privacy policy, some of which are documents that run to 14,000 words, that would take the average person two hours to read.”

According to Aschberger, organisations can build trust in a world where it is continually being lost, by saying they want to be transparent and make it very easy for individuals to understand the key elements of how the organisation processes personal data.

“And by working with startups like us, which are consolidating consumer power and consumer interests, organisations can avoid having to deal with requests from millions of individuals because they will already have responded to the key questions.”

This model has already proven to be successful in the context of environmental and sustainability discussions, said Aschberger. “Many retailers work with different labels and want to be known for the fact that their supply chain is clean, that they have green initiatives.

“We believe one of the next big frontiers and topics for businesses will be how to manage trust. If organisations make it very difficult for individuals to understand what they do with personal data, they might have a much bigger risk in terms of public perception and audits from data protection authorities than if they can say they have something that proactively makes it easier for customers to understand how personal data is treated.”

One.Thing.Less is already working with some big brands, particularly in the hospitality and luxury industries, and the ones who are benefiting the most, according to Aschberger, are those that understand the business benefits of engaging with consumers and working with the startup to do that in the most informative manner.

“We are helping them to analyse their personal data handling practices so that they are able to give crisp, short, more generic answers,” he said.

Platform for action

One.Thing.Less is also looking to help organisations make it easier for customers to respond to these answers by taking additional steps to change the way their data is processed if they are unhappy with the standard practices.

“Where individuals want to take additional action, then we will guide them to the proper platform or portal that the company has for making the desired changes,” said Aschberger.

“Our point is to say if you help people to understand that you are not an evil corporation selling their personal data to third parties, then that will help you in the long term because where we are heading with our platform is not just with the simple answers.

“Our aim is to build up the necessary momentum and critical mass that we can actually say we are going further into a platform that proactively manages consent.”

In all the data breaches that have made headlines in recent months and years, Aschberger said one key problem was that the more personal data companies collect in an uncontrolled way, the higher the risk is that data is compromised in the event of a security breach.

“If organisations keep only the data they need and they keep it only for as long as they need it, they can significantly reduce the risk of being responsible for leaking sensitive personal data. Organisations need to look at how they manage data and really question themselves in the principle and spirit of the GDPR mandate of data minimisation if they really need all of this data they capture because more data is not necessarily better if you look at it from a cyber risk perspective,” he said.

Aschberger will discuss this topic in more detail in a session entitled “Next steps in data protection and compliance” at the European Identity & Cloud Conference 2019 from 14 to 17 May in Munich.